Fluid Attacks Database

Description

ImageMagick: Heap overflow in sun decoder on 32-bit systems may result in out of bounds write An Integer Overflow vulnerability exists in the sun decoder. On 32-bit systems/builds, a carefully crafted image can lead to an out of bounds heap write.

=================================================================
==1967675==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf190b50e at pc 0x5eae8777 bp 0xffb0fdd8 sp 0xffb0fdd0
WRITE of size 1 at 0xf190b50e thread T0

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
nuget	magick.net-q16-anycpu	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-x86	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-openmp-x64	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-openmp-arm64	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-hdri-openmp-arm64	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-hdri-x64	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-hdri-x86	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-openmp-x86	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-arm64	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-x64	>=0 <14.10.3	14.10.3

1-10 of 25

Aliases

1. CVE-2026-258972. NVD-2026-258973. OSV-2026-258974. OSV-DEBIAN-2026-258975. GHSA-6j5f-24fw-pqp46. GCVE-2026-258977. SECURITY-TRACKER-CVE-2026-25897

References

1. https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6j5f-24fw-pqp42. https://github.com/ImageMagick/ImageMagick/commit/23fde73188ea32c15b607571775d4f92bdb75e603. https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3