Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-25984 (GCVE-0-2026-25984)
Vulnerability from cvelistv5 – Published: – Updated: 2026-02-23 21:24
VLAI?
EPSS
This CVE was assigned in error.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2026-02-23T21:24:38.972Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This CVE was assigned in error."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25984",
"dateRejected": "2026-02-23T21:24:38.972Z",
"dateReserved": "2026-02-09T17:41:55.857Z",
"dateUpdated": "2026-02-23T21:24:38.972Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-25984\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-02-23T22:16:25.087\",\"lastModified\":\"2026-02-23T22:16:25.087\",\"vulnStatus\":\"Rejected\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rejected reason: This CVE was assigned in error.\"}],\"metrics\":{},\"references\":[]}}"
}
}
WID-SEC-W-2026-0484
Vulnerability from csaf_certbund - Published: 2026-02-23 23:00 - Updated: 2026-02-25 23:00Summary
ImageMagick: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
ImageMagick ist eine Sammlung von Programmbibliotheken und Werkzeugen, die Grafiken in zahlreichen Formaten verarbeiten kann.
Angriff
Ein Angreifer kann mehrere Schwachstellen in ImageMagick ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen oder andere nicht näher definierte Angriffe durchzuführen.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "ImageMagick ist eine Sammlung von Programmbibliotheken und Werkzeugen, die Grafiken in zahlreichen Formaten verarbeiten kann.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in ImageMagick ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren oder andere nicht n\u00e4her definierte Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0484 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0484.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0484 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0484"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-273h-m46v-96q4"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2gq3-ww97-wfjm"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3j4x-rwrx-xxj9"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3mwp-xqp2-q6ph"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3q5f-gmjc-38r8"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-42p5-62qq-mmh7"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-543g-8grm-9cw6"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6j5f-24fw-pqp4"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-72hf-fj62-w6j4"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7355-pwx2-pm84"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-782x-jh29-9mf7"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8jvj-p28h-9gm7"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8mpr-6xr2-chhc"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-96pc-27rx-pr36"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwqw-2x5x-w566"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g2pr-qxjg-7r2w"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gm37-qx7w-p258"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gq5v-qf8q-fp77"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gwr3-x37h-h84v"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gxcx-qjqp-8vjw"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jv4p-gjwq-9r2j"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mqfc-82jx-3mr2"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p33r-fqw2-rqmm"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p863-5fgm-rgq4"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pmq6-8289-hx3v"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pqgj-2p96-rx85"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rw6c-xp26-225v"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v7g2-m8c5-mf84"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v994-63cg-9wj3"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vhqj-f5cj-9x8h"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vpxv-r9pg-7gpr"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-w8mw-frc6-r7m8"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wfx3-6g53-9fgc"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wg3g-gvx5-2pmv"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wgxp-q8xq-wpp9"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wrhr-rf8j-r842"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xg29-8ghv-v4xr"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xgm3-v4r9-wfgm"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xpg8-7m6m-jf56"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xwc6-v6g8-pw2h"
}
],
"source_lang": "en-US",
"title": "ImageMagick: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-02-25T23:00:00.000+00:00",
"generator": {
"date": "2026-02-26T06:52:13.723+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0484",
"initial_release_date": "2026-02-23T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-02-23T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-02-24T23:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2026-7439, EUVD-2026-7440, EUVD-2026-7425, EUVD-2026-7427, EUVD-2026-7429, EUVD-2026-7431, EUVD-2026-7435, EUVD-2026-7424, EUVD-2026-7436, EUVD-2026-7446, EUVD-2026-7456, EUVD-2026-7437, EUVD-2026-7438, EUVD-2026-7441, EUVD-2026-7442, EUVD-2026-7445, EUVD-2026-7447, EUVD-2026-7448, EUVD-2026-7449, EUVD-2026-7450, EUVD-2026-7454, EUVD-2026-7459, EUVD-2026-7460"
},
{
"date": "2026-02-25T23:00:00.000+00:00",
"number": "3",
"summary": "CVE-2026-25984 erg\u00e4nzt"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.1.2-15",
"product": {
"name": "Open Source ImageMagick \u003c7.1.2-15",
"product_id": "T051110"
}
},
{
"category": "product_version",
"name": "7.1.2-15",
"product": {
"name": "Open Source ImageMagick 7.1.2-15",
"product_id": "T051110-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:imagemagick:imagemagick:7.1.2-15"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.9.13-40",
"product": {
"name": "Open Source ImageMagick \u003c6.9.13-40",
"product_id": "T051111"
}
},
{
"category": "product_version",
"name": "6.9.13-40",
"product": {
"name": "Open Source ImageMagick 6.9.13-40",
"product_id": "T051111-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:imagemagick:imagemagick:6.9.13-40"
}
}
}
],
"category": "product_name",
"name": "ImageMagick"
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-24481",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-24481"
},
{
"cve": "CVE-2026-24484",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-24484"
},
{
"cve": "CVE-2026-24485",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-24485"
},
{
"cve": "CVE-2026-25576",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25576"
},
{
"cve": "CVE-2026-25637",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25637"
},
{
"cve": "CVE-2026-25638",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25638"
},
{
"cve": "CVE-2026-25794",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25794"
},
{
"cve": "CVE-2026-25795",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25795"
},
{
"cve": "CVE-2026-25796",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25796"
},
{
"cve": "CVE-2026-25797",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25797"
},
{
"cve": "CVE-2026-25798",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25798"
},
{
"cve": "CVE-2026-25799",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25799"
},
{
"cve": "CVE-2026-25897",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25897"
},
{
"cve": "CVE-2026-25898",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25898"
},
{
"cve": "CVE-2026-25965",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25965"
},
{
"cve": "CVE-2026-25966",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25966"
},
{
"cve": "CVE-2026-25967",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25967"
},
{
"cve": "CVE-2026-25968",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25968"
},
{
"cve": "CVE-2026-25969",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25969"
},
{
"cve": "CVE-2026-25970",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25970"
},
{
"cve": "CVE-2026-25971",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25971"
},
{
"cve": "CVE-2026-25982",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25982"
},
{
"cve": "CVE-2026-25983",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25983"
},
{
"cve": "CVE-2026-25984",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25984"
},
{
"cve": "CVE-2026-25985",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25985"
},
{
"cve": "CVE-2026-25986",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25986"
},
{
"cve": "CVE-2026-25987",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25987"
},
{
"cve": "CVE-2026-25988",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25988"
},
{
"cve": "CVE-2026-25989",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25989"
},
{
"cve": "CVE-2026-26066",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-26066"
},
{
"cve": "CVE-2026-26283",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-26283"
},
{
"cve": "CVE-2026-26284",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-26284"
},
{
"cve": "CVE-2026-26983",
"product_status": {
"known_affected": [
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-26983"
}
]
}
FKIE_CVE-2026-25984
Vulnerability from fkie_nvd - Published: 2026-02-23 22:16 - Updated: 2026-02-23 22:16
Severity ?
Summary
Rejected reason: This CVE was assigned in error.
References
| URL | Tags |
|---|
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: This CVE was assigned in error."
}
],
"id": "CVE-2026-25984",
"lastModified": "2026-02-23T22:16:25.087",
"metrics": {},
"published": "2026-02-23T22:16:25.087",
"references": [],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Rejected"
}
GHSA-273H-M46V-96Q4
Vulnerability from github – Published: 2026-02-25 15:20 – Updated: 2026-02-25 15:20
VLAI?
Summary
ImageMagick: Integer Overflow in PSB (PSD v2) RLE decoding path causes heap Out of Bounds reads for 32-bit builds
Details
An integer overflow in the PSB (PSD v2) RLE decoding path causes a heap out-of-bounds read on 32-bit builds. This can lead to information disclosure or a crash when processing crafted PSB files.
=================================================================
==3298==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf512eb00 at pc 0xf76760b5 bp 0xffc1dfb8 sp 0xffc1dfa8
READ of size 8 at 0xf512eb00 thread T0
#0 0xf76760b4 in ReadPSDChannelRLE coders/psd.c:1141
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-25984"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-190"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-25T15:20:15Z",
"nvd_published_at": "2026-02-23T22:16:25Z",
"severity": "LOW"
},
"details": "An integer overflow in the PSB (PSD v2) RLE decoding path causes a heap out-of-bounds read on 32-bit builds. This can lead to information disclosure or a crash when processing crafted PSB files.\n\n```\n=================================================================\n==3298==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf512eb00 at pc 0xf76760b5 bp 0xffc1dfb8 sp 0xffc1dfa8\nREAD of size 8 at 0xf512eb00 thread T0\n #0 0xf76760b4 in ReadPSDChannelRLE coders/psd.c:1141\n```",
"id": "GHSA-273h-m46v-96q4",
"modified": "2026-02-25T15:20:16Z",
"published": "2026-02-25T15:20:15Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-273h-m46v-96q4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25984"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/commit/5b91ab69af614024255fd93dcc9a62b41fbc435c"
},
{
"type": "PACKAGE",
"url": "https://github.com/ImageMagick/ImageMagick"
},
{
"type": "WEB",
"url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "ImageMagick: Integer Overflow in PSB (PSD v2) RLE decoding path causes heap Out of Bounds reads for 32-bit builds"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…