Non-encrypted confidential information In magick.net-q16-hdri-arm64

Description

ImageMagick has Division-by-Zero in YUV sampling factor validation, which leads to crash

A logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image loading, resulting in a reliable denial-of-service.

coders/yuv.c:210:47: runtime error: division by zero
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3543373==ERROR: AddressSanitizer: UNKNOWN SIGNAL on unknown address 0x000000000000 (pc 0x55deeb4d723c bp 0x7fffc28d34d0 sp 0x7fffc28d3320 T0)
    #0 0x55deeb4d723c in ReadYUVImage coders/yuv.c:210
    #1 0x55deeb751dff in ReadImage MagickCore/constitute.c:743
    #2 0x55deeb756374 in ReadImages MagickCore/constitute.c:1082
    #3 0x55deec682375 in CLINoImageOperator MagickWand/operation.c:4959...
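
The following C sketch is an added illustration of this bug class and its fix; it is not ImageMagick's code and not taken from the advisory. The function names, the AND-chained form of the weak check, the accepted factor set {1, 2} and the round-up plane-size formula are all assumptions made for the example.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed weak check (assumption): the rejection test is chained with &&,
   so it only fires when every comparison fails. A factor pair such as 0x2 is
   accepted because the vertical factor alone is valid. */
static int weak_check_accepts(int h, int v)
{
  if ((h != 1) && (h != 2) && (v != 1) && (v != 2))
    return 0;                       /* rejected */
  return 1;                         /* accepted, even when h == 0 */
}

/* Strict check: each factor must independently be 1 or 2. */
static int strict_check_accepts(int h, int v)
{
  return ((h == 1) || (h == 2)) && ((v == 1) || (v == 2));
}

/* Parse an "HxV" sampling factor and compute the chroma plane size.
   Returns 0 on success, -1 if the string is malformed or a factor is invalid.
   The divisions are reached only after the strict check has passed. */
static int chroma_size(const char *factor, size_t width, size_t height,
                       size_t *cw, size_t *ch)
{
  int h = 0, v = 0;
  char trailing;

  if (sscanf(factor, "%dx%d%c", &h, &v, &trailing) != 2)
    return -1;                      /* missing field or trailing junk */
  if (!strict_check_accepts(h, v))
    return -1;                      /* zero, negative or unsupported factor */
  *cw = (width + (size_t) h - 1) / (size_t) h;    /* round up */
  *ch = (height + (size_t) v - 1) / (size_t) v;
  return 0;
}

int main(void)
{
  /* Constructed sample inputs. */
  const char *samples[] = { "2x2", "1x2", "0x2", "2x0", "2x", "2x2junk" };
  size_t i, cw, ch;

  printf("weak check accepts 0x2: %d, strict check accepts 0x2: %d\n",
         weak_check_accepts(0, 2), strict_check_accepts(0, 2));
  for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
    if (chroma_size(samples[i], 641, 481, &cw, &ch) == 0)
      printf("%-8s -> chroma %zux%zu\n", samples[i], cw, ch);
    else
      printf("%-8s -> rejected\n", samples[i]);
  return 0;
}
```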

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions
