CVE-2026-25983
Published: 24 February 2026
Summary
CVE-2026-25983 is a medium-severity Use After Free (CWE-416) vulnerability in Imagemagick Imagemagick. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 8.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Use-after-free exploits that achieve arbitrary code execution are blocked or significantly hardened by non-executable pages and ASLR.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated supply of malicious MSL input to ImageMagick instance enables exploitation of public-facing apps (T1190) resulting in crash/memory corruption DoS via application exploitation (T1499.004).
NVD Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading…
more
from it, leading to a UAF in ReadBlobString during further parsing. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
Deeper analysisAI
CVE-2026-25983 is a heap-use-after-free vulnerability (CWE-416) in ImageMagick, a free and open-source software suite for editing and manipulating digital images. The issue affects versions prior to 7.1.2-15 and 6.9.13-40. It arises when processing a crafted MSL (Magick Scripting Language) script, where the operation element handler replaces and frees the image object while the parser continues reading from it, resulting in a use-after-free condition in the ReadBlobString function during subsequent parsing.
An unauthenticated attacker can exploit this vulnerability remotely with low complexity and no user interaction required, as indicated by its CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). By supplying a malicious MSL script to an ImageMagick instance, the attacker triggers the heap-use-after-free, potentially causing a denial-of-service condition through application crashes or memory corruption that impacts availability.
The ImageMagick security advisory at https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwqw-2x5x-w566 details the patch in versions 7.1.2-15 and 6.9.13-40, recommending immediate upgrades to these or later versions for mitigation. Security practitioners should audit deployments processing untrusted MSL inputs and apply the patches promptly.
Details
- CWE(s)