CVE-2026-25967
Published: 24 February 2026
Summary
CVE-2026-25967 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Imagemagick Imagemagick. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 5.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-25967 is a stack-based buffer overflow vulnerability in the FTXT image reader component of ImageMagick, a free and open-source software suite for editing and manipulating digital images. The issue affects versions prior to 7.1.2-15 and is classified under CWE-121 (Stack-based Buffer Overflow) and CWE-787 (Out-of-bounds Write). Published on 2026-02-24, it carries a CVSS v3.1 base score of 7.4 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H), indicating high severity due to impacts on integrity and availability.
A remote attacker with network access can exploit this vulnerability by supplying a specially crafted FTXT file to an ImageMagick instance processing untrusted input, such as in web applications or image conversion services. The attack requires high complexity (AC:H) but no privileges (PR:N) or user interaction (UI:N). Successful exploitation triggers out-of-bounds writes on the stack, potentially leading to application crashes and denial of service, with high impacts on integrity (I:H) and availability (A:H) but no confidentiality loss (C:N).
The official patch is available in ImageMagick version 7.1.2-15. For detailed mitigation guidance, refer to the GitHub security advisory at https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-72hf-fj62-w6j4.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-7436
Vulnerability details
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading…
more
to a crash. Version 7.1.2-15 contains a patch.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote stack-based buffer overflow in ImageMagick's FTXT parser enables crafted file submission to public-facing image-processing services (T1190) and directly supports application crashes for DoS (T1499.004); high complexity and C:N impact limit further mappings.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Enforces validation of untrusted FTXT image input to block the malformed data that triggers the stack buffer overflow.
Requires prompt application of the vendor patch in version 7.1.2-15 that eliminates the out-of-bounds write in the FTXT reader.
Applies memory-protection techniques such as ASLR or DEP that can limit the impact of stack-based overflows even if input validation fails.