logo

Database

Out-of-bounds read In magick.net-q8-arm64

Description

ImageMagick: Integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG decoder A crafted SVG file can cause a denial of service. An off-by-one boundary check (> instead of >=) that allows bypass the guard and reach an undefined (size_t) cast.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

1-10 of 25

10

Aliases

1. CVE-2026-259892. NVD-2026-259893. OSV-2026-259894. OSV-DEBIAN-2026-259895. GHSA-7355-pwx2-pm846. GCVE-2026-259897. SECURITY-TRACKER-CVE-2026-25989

References

1. https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7355-pwx2-pm842. https://github.com/ImageMagick/ImageMagick/commit/5a545ab9d6c3d12a6a76cfed32b87df096729d953. https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.