CVE-2026-25968
Published: 24 February 2026
Summary
CVE-2026-25968 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Imagemagick Imagemagick. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 19.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote network-exploitable stack buffer overflow in ImageMagick (often integrated into public-facing services) directly maps to T1190; memory corruption enabling DoS conditions maps to T1499.004 Application or System Exploitation.
NVD Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a stack buffer overflow occurs when processing the an attribute in msl.c. A long value overflows a fixed-size stack buffer, leading…
more
to memory corruption. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
Deeper analysisAI
CVE-2026-25968 is a stack buffer overflow vulnerability in ImageMagick, a free and open-source software suite for editing and manipulating digital images. The issue affects versions prior to 7.1.2-15 and 6.9.13-40, specifically in the msl.c component during processing of an attribute. A long value overflows a fixed-size stack buffer, resulting in memory corruption. The vulnerability is associated with CWE-121 (Stack-based Buffer Overflow) and CWE-787 (Out-of-bounds Write) and carries a CVSS v3.1 base score of 7.4.
An unauthenticated attacker can exploit this vulnerability over the network without user interaction and with no privileges required, though it demands high attack complexity. Successful exploitation leads to high impacts on confidentiality and availability through memory corruption, potentially enabling information disclosure or denial-of-service conditions, while integrity impact remains none and scope is unchanged.
The ImageMagick GitHub security advisory at https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3mwp-xqp2-q6ph details the patch, which is included in versions 7.1.2-15 and 6.9.13-40. Security practitioners should update to these fixed versions to mitigate the risk.
Details
- CWE(s)