Fluid Attacks Database

Description

ImageMagick has NULL pointer dereference in ReadSFWImage after DestroyImageInfo (sfw.c) In ReadSFWImage() (coders/sfw.c), when temporary file creation fails, read_info is destroyed before its filename member is accessed, causing a NULL pointer dereference and crash.

AddressSanitizer:DEADLYSIGNAL
=================================================================
==1414421==ERROR: AddressSanitizer: UNKNOWN SIGNAL on unknown address 0x000000000000 (pc 0x56260222912f bp 0x7ffec0a193b0 sp 0x7ffec0a19360 T0)
    #0 0x56260222912f  (/data/ylwang/LargeScan/targets/ImageMagick/utilities/magick+0x235f12f)

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
nuget	magick.net-q8-anycpu	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-hdri-openmp-x64	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-openmp-x86	>=0 <14.10.3	14.10.3
nuget	magick.net-q8-openmp-arm64	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-anycpu	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-hdri-anycpu	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-hdri-openmp-arm64	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-hdri-arm64	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-hdri-x64	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-hdri-x86	>=0 <14.10.3	14.10.3

1-10 of 24

Aliases

1. CVE-2026-257952. NVD-2026-257953. OSV-2026-257954. OSV-DEBIAN-2026-257955. GHSA-p33r-fqw2-rqmm6. GCVE-2026-257957. SECURITY-TRACKER-CVE-2026-25795

References

1. https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p33r-fqw2-rqmm2. https://github.com/ImageMagick/ImageMagick/commit/332c1566acc2de77857032d3c2504ead6210ff503. https://github.com/ImageMagick/ImageMagick/commit/55c344f4b514213642da41194bab57b4476fb9f54. https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3