MEDIUM 5.3 NuGet
ImageMagick Has Signed Integer Overflow in SIXEL Decoder, Leading to Memory Corruption
GHSA-xg29-8ghv-v4xr · CVE-2026-25970
Published · Modified
Description
A signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when processing a maliciously crafted SIXEL image file. The vulnerability occurs during buffer reallocation operations where pointer arithmetic using signed 32-bit integers overflows.
AddressSanitizer:DEADLYSIGNAL
=================================================================
==143838==ERROR: AddressSanitizer: UNKNOWN SIGNAL on unknown address 0x000000000000
#0 0x7f379d5adb53 (/lib/x86_64-linux-gnu/libc.so.6+0xc4b53)
Ready to move
Start Securing
Free, no credit card | First findings in minutes