logo

Database

Asymmetric denial of service In magick.net-q16-hdri-arm64

Description

ImageMagick has NULL Pointer Dereference in ClonePixelCacheRepository via crafted image A NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted image file, resulting in Denial of Service.

AddressSanitizer:DEADLYSIGNAL
=================================================================
==3704942==ERROR: AddressSanitizer: UNKNOWN SIGNAL on unknown address 0x000000000000 (pc 0x7f9d141239e0 bp 0x7ffd4c5711e0 sp 0x7ffd4c571148 T0)
    #0 0x7f9d141239e0  (/lib/x86_64-linux-gnu/libc.so.6+0xc49e0)
    #1 0x558a25e4f08d in ClonePixelCacheRepository._omp_fn.0 MagickCore/cache.c:784
    #2 0x7f9d14c06a15 in GOMP_parallel (/lib/x86_64-linux-gnu/libgomp.so.1+0x14a15)
    #3 0x558a25e43151 in ClonePixelCacheRepository MagickCore/cache.c:753
    #4 0x558a25e49a96 in OpenPixelCache MagickCore/cache.c:3849...

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

1-10 of 24

10

Aliases

1. CVE-2026-257982. NVD-2026-257983. OSV-2026-257984. OSV-DEBIAN-2026-257985. GHSA-p863-5fgm-rgq46. GCVE-2026-257987. SECURITY-TRACKER-CVE-2026-25798

References

1. https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p863-5fgm-rgq42. https://github.com/ImageMagick/ImageMagick/issues/85673. https://github.com/ImageMagick/ImageMagick/commit/e046417675d5c26e5f48816851a406c121c774694. https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.