CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/04/06 10:16 p.m.•2 views

CVE-2026-35444

SDLimage is a library to load images of various formats as SDL surfaces. In dolayersurface in src/IMGxcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size cmnum. A crafted .xcf file with a small colormap and...

7.1CVSS0.00262EPSS

OSV•added 2026/03/20 10:32 a.m.•3 views

CLSA-2026-1774002757 Fix CVE(s): CVE-2026-25898

SECURITY UPDATE: global buffer overflow read in UIL and XPM encoders. - debian/patches/CVE-2026-25898.patch: clamp negative pixel index values to zero in WriteUILImage, WritePICONImage, and WriteXPMImage before using them as array subscripts into the Cixel table. - CVE-2026-25898...

9.1CVSS7.1AI score0.00348EPSS

OSV•added 2026/03/20 9:42 a.m.•3 views

CLSA-2026-1773999754 Fix CVE(s): CVE-2026-25898

SECURITY UPDATE: global buffer overflow read via negative pixel index in UIL and XPM image encoders - debian/patches/CVE-2026-25898.patch: clamp negative pixel index values to zero in WriteUILImage, WritePICONImage, and WriteXPMImage before using them as array subscripts into the Cixel table. -...

9.1CVSS7.1AI score0.00348EPSS

Tenable Nessus•added 2026/03/06 12:0 a.m.•4 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : ImageMagick vulnerabilities (USN-8069-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8069-1 advisory. It was discovered that ImageMagick did not properly decode certain SUN image files. An attack...

9.8CVSS7.4AI score0.00461EPSS

Exploits0References8

SUSE CVE•added 2026/02/25 12:24 a.m.•3 views

SUSE CVE-2026-25898

6.5CVSS6AI score0.00348EPSS

Exploits0References6

Tenable Nessus•added 2026/02/25 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-25898

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image...

9.1CVSS7.4AI score0.00348EPSS

Github Security Blog•added 2026/02/24 3:39 p.m.•4 views

ImageMagick has Global Buffer Overflow (OOB Read) via Negative Pixel Index in UIL and XPM Writer

The UIL and XPM image encoder do not validate the pixel index value returned by GetPixelIndex before using it as an array subscript. In HDRI builds, Quantum is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger ...

9.1CVSS5.8AI score0.00348EPSS

Exploits0References5Affected Software17

RedhatCVE•added 2026/02/24 5:31 a.m.•4 views

CVE-2026-25898

A flaw was found in ImageMagick. A remote attacker can exploit this vulnerability by crafting a malicious image file. The UIL and XPM image encoders do not properly validate pixel index values, which can become negative in High Dynamic Range Imaging HDRI builds. This improper validation leads to ...

9.1CVSS5.3AI score0.00348EPSS

Exploits0References4

NVD•added 2026/02/24 2:16 a.m.•5 views

CVE-2026-25898

9.1CVSS0.00348EPSS

OSV•added 2026/02/24 2:16 a.m.•1 views

UBUNTU-CVE-2026-25898

Snyk•added 2026/02/24 1:18 a.m.•2 views

Exploits0References5

Out-of-bounds Read

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

Snyk•added 2026/02/24 1:18 a.m.•4 views

Out-of-bounds Read

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

Snyk•added 2026/02/24 1:18 a.m.•4 views

Out-of-bounds Read

Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Snyk•added 2026/02/24 1:18 a.m.•2 views

Out-of-bounds Read

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Snyk•added 2026/02/24 1:18 a.m.•2 views

Out-of-bounds Read

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Snyk•added 2026/02/24 1:18 a.m.•3 views

Out-of-bounds Read

Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

EUVD•added 2026/02/24 1:18 a.m.•2 views

EUVD-2026-7439

6.5CVSS5.7AI score0.00348EPSS