Listen to this Post
The vulnerability, identified as CVE-2026-25982, is a heap out-of-bounds read flaw found in ImageMagick’s DICOM decoder within `coders/dcm.c` . It arises when the software processes a specially crafted DICOM (Digital Imaging and Communications in Medicine) file . Due to an error in the decoding loop’s byte-counting logic for specific file configurations, the `ReadDCMImage` function attempts to read data beyond the boundaries of the allocated heap buffer . This incorrect memory access can lead to two primary impacts: a Denial of Service (DoS) through application crashes, or an Information Disclosure where sensitive data from adjacent heap memory is inadvertently leaked into the processed image output . The issue is present in ImageMagick versions before 7.1.2-15 and 6.9.13-40, and consequently affects various Magick.NET NuGet packages before version 14.10.3. Patches have been released to correct the loop’s bounds checking .
dailycve form:
Platform: ImageMagick
Version: <6.9.13-40, <7.1.2-15
Vulnerability : Out-of-bounds Read
Severity: Medium (6.5)
date: Feb 23, 2026
Prediction: Patches released
What Undercode Say:
Analytics:
The vulnerability is remotely exploitable without authentication or user interaction, making it a significant threat to any service processing DICOM images . Its CVSS v3.1 base score is 6.5, with the vector `AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L` . This indicates a low impact on confidentiality and availability, with no impact on integrity. The vulnerability is classified under CWE-125 (Out-of-bounds Read) .
Bash Commands:
Check your installed ImageMagick version identify -version | grep Version Check Debian/Ubuntu package version dpkg -l | grep imagemagick Check Red Hat/CentOS/Fedora package version rpm -qa | grep ImageMagick Disable DICOM processing as a workaround (add to policy.xml) cat << EOF | sudo tee -a /etc/ImageMagick-7/policy.xml <policy domain="coder" rights="none" pattern="DCM" /> <policy domain="coder" rights="none" pattern="DICOM" /> EOF
Exploit:
An attacker crafts a malicious DICOM file with specific configuration parameters that trigger the flawed decoding loop in `coders/dcm.c` . When a vulnerable ImageMagick instance processes this file, the loop miscalculates the number of bytes to read per iteration, causing the `ReadDCMImage` function to read past the end of the allocated heap buffer .
Protection from this CVE:
Patch Immediately: Upgrade ImageMagick to version 6.9.13-40 or later for the 6.x branch, or 7.1.2-15 or later for the 7.x branch . For .NET applications, update the relevant Magick.NET NuGet package to version 14.10.3 or later.
Workaround: If immediate patching is not possible, disable DICOM format support by modifying ImageMagick’s `policy.xml` file as shown in the bash commands above .
Isolate Processing: Process all untrusted DICOM files in a sandboxed or isolated environment to contain potential crashes or memory leaks .
Impact:
Successful exploitation can lead to a Denial of Service, causing the application to crash . More critically, it can result in Information Disclosure, where the out-of-bounds read leaks portions of heap memory into the resulting image, potentially exposing sensitive data from the system’s memory . This is particularly severe in medical or PACS environments where DICOM is standard .
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

