HIGH 8.2 NuGet
ImageMagick has heap-buffer-overflow via signed integer overflow in WriteUHDRImage when writing UHDR images with large dimensions
GHSA-vhqj-f5cj-9x8h · CVE-2026-25794
Published · Modified
Description
WriteUHDRImage in coders/uhdr.c uses int arithmetic to compute the pixel buffer size. When image dimensions are large, the multiplication overflows 32-bit int, causing an undersized heap allocation followed by an out-of-bounds write. This can crash the process or potentially lead to an out of bounds heap write.
==1575126==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fc382ef3820 at pc 0x5560d31f229f bp 0x7ffe865f9530 sp 0x7ffe865f9520
WRITE of size 8 at 0x7fc382ef3820 thread T0
#0 0x5560d31f229e in WriteUHDRImage coders/uhdr.c:807
References
- WEB https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vhqj-f5cj-9x8h
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2026-25794
- WEB https://github.com/ImageMagick/ImageMagick/commit/ffe589df5ff8ce1433daa4ccb0d2a9fadfbe30ed
- PACKAGE https://github.com/ImageMagick/ImageMagick
- WEB https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
Ready to move
Start Securing
Free, no credit card | First findings in minutes