CVE-2026-25898 Imagemagick Has Global Buffer Overflow (OOB Read) via Negative Pixel Index in UIL and XPM Writer

🗓️ 24 Feb 2026 01:18:33Reported by GoogleType

osv🔗 osv.dev👁 2 Views

ImageMagick vulnerability allows global buffer overflow read from negative pixel index in image encoders, risking disclosure.

Reporter	Title	Published	Views	Family All 108
Tenable Nessus	Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2026-1478)	30 Mar 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : ImageMagick, --advisory ALAS2-2026-3211 (ALAS-2026-3211)	1 Apr 202600:00	–	nessus
Tenable Nessus	Debian dla-4497 : imagemagick - security update	11 Mar 202600:00	–	nessus
Tenable Nessus	Debian dsa-6158 : imagemagick - security update	9 Mar 202600:00	–	nessus
Tenable Nessus	Debian dsa-6159 : imagemagick - security update	11 Mar 202600:00	–	nessus
Tenable Nessus	ImageMagick < 6.9.13-40 / 7.x < 7.1.2-15 Multiple Vulnerabilities	27 Feb 202600:00	–	nessus
Tenable Nessus	openSUSE 16 Security Update : ImageMagick (openSUSE-SU-2026:20337-1)	11 Mar 202600:00	–	nessus
Tenable Nessus	Photon OS 4.0: Imagemagick PHSA-2026-4.0-0976	13 Mar 202600:00	–	nessus
Tenable Nessus	Photon OS 5.0: Imagemagick PHSA-2026-5.0-0790	19 Mar 202600:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 Security Update : ImageMagick (SUSE-SU-2026:0851-1)	11 Mar 202600:00	–	nessus

Source	Link
github	www.github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25898.json
github	www.github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vpxv-r9pg-7gpr
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-25898

02 Apr 2026 13:18Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.16.5

EPSS0.00022