ImageMagick, Stack Buffer Overflow, CVE-2026-25968 (Critical)

Listen to this Post

A stack buffer overflow vulnerability, identified as CVE-2026-25968, exists in ImageMagick’s handling of Magick Scripting Language (MSL) files . The flaw resides in the `msl.c` file, where a fixed-size buffer on the stack is used to process an attribute . When a specially crafted MSL file provides an excessively long value for this attribute, it overflows the adjacent stack memory . This out-of-bounds write corrupts memory and can be exploited to achieve remote code execution or cause a denial of service . The issue affects all versions prior to 7.1.2-15 and 6.9.13-40, where the patch was implemented .

dailycve form:

Platform: ImageMagick
Version: <6.9.13-40, <7.1.2-15
Vulnerability :Stack Buffer Overflow
Severity: Critical
date: 23 Feb 2026

Prediction: Patched versions released

What Undercode Say:

Analytics:

The vulnerability has a CVSS v3 base score of 9.8 (Critical) per NVD analysis, with a vector string of AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H . This indicates the attack is network-based, requires low complexity, needs no privileges or user interaction, and has high impact on confidentiality, integrity, and availability . However, other sources like Ubuntu assess it with a score of 7.4 (High), noting a high attack complexity . The EPSS (Exploit Prediction Scoring System) probability is currently very low at 0.00043 (4.3e-4) .

Bash Commands & Code:

To check the installed version of ImageMagick on a Linux system, use:

identify -version | head -n1

To patch a vulnerable system on Debian/Ubuntu, update the package:

sudo apt update && sudo apt upgrade imagemagick

For systems that must run a vulnerable version, a temporary workaround is to disable the MSL coder in policy.xml:

<policy domain="coder" rights="none" pattern="MSL" />

Exploit:

The vulnerability is triggered by processing a malicious MSL file. An attacker crafts an MSL script containing an XML attribute with an overly long value. When ImageMagick parses this attribute in the `msl.c` file, the long value overflows a fixed-size stack buffer, leading to memory corruption . This can allow an attacker to overwrite critical data on the stack, potentially leading to arbitrary code execution with the privileges of the user running ImageMagick .

Protection from this CVE:

The primary protection is to upgrade ImageMagick to the patched versions: 6.9.13-40, 7.1.2-15, or any later version . System administrators should apply the latest security updates from their respective Linux distributions . As a mitigation, if upgrading is not immediately possible, administrators can disable the vulnerable MSL coder by modifying the `policy.xml` configuration file to prevent its use .

Impact:

Successful exploitation can lead to a full system compromise . An attacker could achieve high impact on the confidentiality, integrity, and availability of the affected system . This means an attacker could read sensitive data, modify or destroy data, and cause the application or system to crash . The vulnerability is particularly dangerous in server environments that automatically process user-uploaded images .

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top