CVE-2026-25794 - Vulnerability Analysis
High | CVSS: 8.2 | Last Updated: February 24, 2026
ImageMagick - Out of Bounds Write
Overview
ImageMagick versions before 7.1.2-15 contain a buffer overflow caused by a 32-bit integer overflow in the pixel buffer size calculation in WriteUHDRImage. An attacker can trigger an out-of-bounds heap write; exploitation requires an image with crafted large dimensions.
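The bug class described above, shown as an added example that is not ImageMagick's code: a buffer size computed as a 32-bit product wraps for large dimensions, while a checked `size_t` computation rejects the overflow. The function names and the sample dimensions are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not ImageMagick code: the flawed pattern.
 * The product stays in 32 bits and wraps modulo 2^32. */
static uint32_t size_wrapped32(uint32_t w, uint32_t h, uint32_t ch, uint32_t bps)
{
    return w * h * ch * bps;
}

/* Hypothetical helper: the hardened pattern. Multiply in size_t and
 * refuse zero factors or any step whose product would exceed SIZE_MAX. */
static bool size_checked(size_t w, size_t h, size_t ch, size_t bps, size_t *out)
{
    const size_t factors[4] = { w, h, ch, bps };
    size_t total = 1;

    for (size_t i = 0; i < 4; i++) {
        if (factors[i] == 0 || total > SIZE_MAX / factors[i])
            return false;
        total *= factors[i];
    }
    *out = total;
    return true;
}

int main(void)
{
    /* Constructed dimensions: 40000 x 40000 pixels, 3 channels, 1 byte each. */
    size_t need = 0;
    uint32_t got = size_wrapped32(40000u, 40000u, 3u, 1u);

    printf("32-bit size: %u bytes\n", (unsigned)got);
    if (size_checked(40000, 40000, 3, 1, &need))
        printf("true size:   %zu bytes\n", need);
    else
        printf("true size does not fit in size_t; reject the image\n");
    return 0;
}
```

A buffer allocated with the wrapped size is smaller than the pixel data later written into it, which is how the size calculation turns into a heap out-of-bounds write.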
Impact
Attackers can cause an out-of-bounds heap write, leading to a process crash or potentially arbitrary code execution.
Mitigation
Update to version 7.1.2-15 or later.
Social Media Activity (1 post)
#OT #Advisory VDE-2026-021 WAGO: Multiple Vulnerabilities in WAGO VC Hub The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images. #CVE CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798 https://certvde.com/en/advisories/vde-2026-021/ #CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-021.json
Details
- CVE ID: CVE-2026-25794
- Severity: High
- CVSS Score: 8.2
- Type: out_of_bounds_rw
- Status: confirmed
- EPSS: 5.8%
- Social Posts: 1
CWE
- CWE-122
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H