CVE-2026-25967
Published: 24 February 2026
Summary
CVE-2026-25967 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Imagemagick Imagemagick. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 5.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote stack-based buffer overflow in ImageMagick's FTXT parser enables crafted file submission to public-facing image-processing services (T1190) and directly supports application crashes for DoS (T1499.004); high complexity and C:N impact limit further mappings.
NVD Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading…
more
to a crash. Version 7.1.2-15 contains a patch.
Deeper analysisAI
CVE-2026-25967 is a stack-based buffer overflow vulnerability in the FTXT image reader component of ImageMagick, a free and open-source software suite for editing and manipulating digital images. The issue affects versions prior to 7.1.2-15 and is classified under CWE-121 (Stack-based Buffer Overflow) and CWE-787 (Out-of-bounds Write). Published on 2026-02-24, it carries a CVSS v3.1 base score of 7.4 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H), indicating high severity due to impacts on integrity and availability.
A remote attacker with network access can exploit this vulnerability by supplying a specially crafted FTXT file to an ImageMagick instance processing untrusted input, such as in web applications or image conversion services. The attack requires high complexity (AC:H) but no privileges (PR:N) or user interaction (UI:N). Successful exploitation triggers out-of-bounds writes on the stack, potentially leading to application crashes and denial of service, with high impacts on integrity (I:H) and availability (A:H) but no confidentiality loss (C:N).
The official patch is available in ImageMagick version 7.1.2-15. For detailed mitigation guidance, refer to the GitHub security advisory at https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-72hf-fj62-w6j4.
Details
- CWE(s)