MEDIUM 5.3 NuGet
ImageMagick has heap buffer overflow in YUV 4:2:2 decoder
GHSA-mqfc-82jx-3mr2 · CVE-2026-25986
Published · Modified
Description
A heap buffer overflow write vulnerability exists in ReadYUVImage() (coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. The pixel-pair loop writes one pixel beyond the allocated row buffer.
=================================================================
==204642==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5170000002e0 at pc 0x562d21a7e8de bp 0x7fffa9ae1270 sp 0x7fffa9ae1260
WRITE of size 8 at 0x5170000002e0 thread T0
Ready to move
Start Securing
Free, no credit card | First findings in minutes