CVE-2026-25968 ImageMagick has MSL attribute stack buffer overflow that leads to out of bounds write.

🗓️ 24 Feb 2026 01:30:58Reported by GoogleType

osv

osv🔗 osv.dev👁 3 Views

ImageMagick MSL attribute stack overflow causes bounds writes; patched in 7.1.2-15 and 6.9.13-40.

Reporter	Title	Published	Views	Family All 95
Tenable Nessus	Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2026-1478)	30 Mar 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : ImageMagick, --advisory ALAS2-2026-3211 (ALAS-2026-3211)	1 Apr 202600:00	–	nessus
Tenable Nessus	Debian dla-4497 : imagemagick - security update	11 Mar 202600:00	–	nessus
Tenable Nessus	Debian dsa-6158 : imagemagick - security update	9 Mar 202600:00	–	nessus
Tenable Nessus	Debian dsa-6159 : imagemagick - security update	11 Mar 202600:00	–	nessus
Tenable Nessus	openSUSE 16 Security Update : ImageMagick (openSUSE-SU-2026:20337-1)	11 Mar 202600:00	–	nessus
Tenable Nessus	Photon OS 4.0: Imagemagick PHSA-2026-4.0-0976	13 Mar 202600:00	–	nessus
Tenable Nessus	Photon OS 5.0: Imagemagick PHSA-2026-5.0-0790	19 Mar 202600:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 Security Update : ImageMagick (SUSE-SU-2026:0851-1)	11 Mar 202600:00	–	nessus
Tenable Nessus	SUSE SLES15 / openSUSE 15 Security Update : ImageMagick (SUSE-SU-2026:0852-1)	11 Mar 202600:00	–	nessus

Source	Link
github	www.github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25968.json
github	www.github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3mwp-xqp2-q6ph
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-25968

02 Apr 2026 13:18Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.17.4

EPSS0.00272

image magick msl attribute stack overflow bounds write patched versions cve 2026 25968