Fluid Attacks Database

Description

ImageMagick: Stack buffer overflow in FTXT reader via oversized integer field

Summary

A stack-based buffer overflow exists in the ImageMagick FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to a crash.

=================================================================
==3537074==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffee4850ef0 at pc 0x5607c408fb33 bp 0x7ffee484fe50 sp 0x7ffee484fe40
WRITE of size 1 at 0x7ffee4850ef0 thread T0

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
nuget	magick.net-q16-hdri-anycpu	>=0 <14.10.3	14.10.3
nuget	magick.net-q8-openmp-arm64	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-hdri-x86	>=0 <14.10.3	14.10.3
debian 13	imagemagick	=8:7.1.1.43+dfsg1-1 \|\| =8:7.1.1.43+dfsg1-1+deb13u1 \|\| =8:7.1.1.43+dfsg1-1+deb13u2 \|\| =8:7.1.1.43+dfsg1-1+deb13u3 \|\| =8:7.1.1.43+dfsg1-1+deb13u4 \|\| =8:7.1.1.43+dfsg1-1+deb13u5 \|\| >=0 <8:7.1.1.43+dfsg1-1+deb13u6	8:7.1.1.43+dfsg1-1+deb13u6
nuget	magick.net-q16-anycpu	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-hdri-openmp-arm64	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-hdri-openmp-x64	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-hdri-x64	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-openmp-arm64	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-openmp-x64	>=0 <14.10.3	14.10.3

1-10 of 22

Aliases

1. CVE-2026-259672. NVD-2026-259673. OSV-2026-259674. OSV-DEBIAN-2026-259675. GHSA-72hf-fj62-w6j46. GCVE-2026-259677. SECURITY-TRACKER-CVE-2026-25967

References

1. https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-72hf-fj62-w6j42. https://github.com/ImageMagick/ImageMagick/commit/9afe96cc325da1e4349fbd7418675af2f8708c103. https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3