Fluid Attacks Database

Description

ImageMagick: Integer Overflow in PSB (PSD v2) RLE decoding path causes heap Out of Bounds reads for 32-bit builds An integer overflow in the PSB (PSD v2) RLE decoding path causes a heap out-of-bounds read on 32-bit builds. This can lead to information disclosure or a crash when processing crafted PSB files.

=================================================================
==3298==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf512eb00 at pc 0xf76760b5 bp 0xffc1dfb8 sp 0xffc1dfa8
READ of size 8 at 0xf512eb00 thread T0
    #0 0xf76760b4 in ReadPSDChannelRLE coders/psd.c:1141

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
nuget	magick.net-q16-openmp-x64	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-hdri-x64	>=0 <14.10.3	14.10.3
nuget	magick.net-q8-arm64	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-hdri-anycpu	>=0 <14.10.3	14.10.3
nuget	magick.net-q8-openmp-x64	>=0 <14.10.3	14.10.3
nuget	magick.net-q8-x64	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-anycpu	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-hdri-arm64	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-hdri-x86	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-openmp-arm64	>=0 <14.10.3	14.10.3

1-10 of 19

Aliases

1. CVE-2026-259842. NVD-2026-259843. OSV-2026-259844. GHSA-273h-m46v-96q45. GCVE-2026-25984

References

1. https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-273h-m46v-96q42. https://github.com/ImageMagick/ImageMagick/commit/5b91ab69af614024255fd93dcc9a62b41fbc435c3. https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3