Listen to this Post
A heap buffer overflow vulnerability exists in ImageMagick’s `ReadYUVImage()` function within `coders/yuv.c` when processing maliciously crafted YUV 4:2:2 images with the ‘NoInterlace’ option. The flaw occurs due to an incorrect bounds check in the pixel-pair processing loop. For each row of pixel data, the loop iterates based on the image width, but a miscalculation causes it to write one additional pixel beyond the end of the allocated heap buffer for that row. This out-of-bounds write can corrupt adjacent heap memory, leading to a program crash (denial of service) . Under specific conditions, an attacker could potentially leverage this memory corruption to alter program behavior or execute arbitrary code . The issue affects ImageMagick versions prior to 6.9.13-40 and 7.1.2-15 . Patches were committed to the ImageMagick GitHub repository on February 23, 2026, and are included in the fixed versions .
dailycve form:
Platform: ImageMagick
Version: <6.9.13-40, <7.1.2-15
Vulnerability : Heap Buffer Overflow
Severity: Moderate
date: February 24, 2026
Prediction: Patched versions released
What Undercode Say:
Analytics:
- CVE ID: CVE-2026-25986
- CVSS Score: 5.3 (Medium) [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L]
- CWE: CWE-787 (Out-of-bounds Write) or CWE-805 (Buffer Access with Incorrect Length Value)
- Attack Vector: Network
- Privileges Required: None
- User Interaction: None
Exploit:
A remote attacker can trigger this vulnerability by crafting a malicious YUV 4:2:2 (NoInterlace) image and enticing a user or automated process to open it with a vulnerable version of ImageMagick. The exploit leverages the heap buffer overflow to cause a denial of service. While public proof-of-concept (PoC) code is not confirmed, the nature of the overflow (one pixel beyond the buffer) makes it potentially reproducible .
Example of how an attacker might invoke the vulnerable decoder This would cause the vulnerable ImageMagick to process the malicious file. convert malicious.yuv output.png
Protection from this CVE:
- Patch Immediately: Upgrade to ImageMagick version `6.9.13-40` or
7.1.2-15, or any later patched version . - Vendor Updates: Apply security updates from your Linux distribution (Red Hat, Debian, Ubuntu, SUSE, etc.) as they become available .
- Input Sanitization: Avoid processing untrusted YUV 4:2:2 image files, especially from unknown sources .
- Sandboxing: If ImageMagick is used in automated workflows (e.g., web applications), run it in a sandboxed or containerized environment to limit the impact of a successful exploit .
Check your current ImageMagick version identify -version Example of updating on Debian/Ubuntu sudo apt update sudo apt install --only-upgrade imagemagick Example of updating on RHEL/CentOS/Fedora sudo yum update ImageMagick or sudo dnf update ImageMagick
Impact:
- Availability: High. The primary impact is a denial of service, causing the application to crash due to heap corruption .
- Integrity: Potentially Low to High. While the official CVSS vector rates integrity impact as ‘None’ , heap overflows can sometimes be leveraged for arbitrary code execution, which would compromise integrity .
- Confidentiality: Potentially Low. Like integrity, arbitrary code execution resulting from this overflow could lead to information disclosure.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

