Fluid Attacks Database

Description

ImageMagick has a heap buffer over-read in its MAP image decoder A heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory disclosure during image decoding.

=================================================================
==4070926==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x502000002b31 at pc 0x56517afbd910 bp 0x7ffc59e90000 sp 0x7ffc59e8fff0
READ of size 1 at 0x502000002b31 thread T0

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
nuget	magick.net-q8-arm64	>=0 <14.10.3	14.10.3
nuget	magick.net-q8-x86	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-hdri-anycpu	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-hdri-openmp-x64	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-anycpu	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-hdri-openmp-arm64	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-hdri-x64	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-hdri-x86	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-openmp-arm64	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-openmp-x64	>=0 <14.10.3	14.10.3

1-10 of 25

Aliases

1. CVE-2026-259872. NVD-2026-259873. OSV-2026-259874. OSV-DEBIAN-2026-259875. GHSA-42p5-62qq-mmh76. GCVE-2026-259877. SECURITY-TRACKER-CVE-2026-25987

References

1. https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-42p5-62qq-mmh72. https://github.com/ImageMagick/ImageMagick/commit/bbae0215e1b76830509fd20e6d37c0dd7e3e4c3a3. https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3