UBUNTU-CVE-2026-25794

ImageMagick is free and open-source software used for editing and manipulating digital images. WriteUHDRImage in coders/uhdr.c uses int arithmetic to compute the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are large, the multiplication overflows 32-bit int, causing an undersized heap allocation followed by an out-of-bounds write. This can crash the process or potentially lead to an out of bounds heap write. Version 7.1.2-15 contains a patch.

References

Affected packages

Ubuntu:25.10 / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/ubuntu/imagemagick@8:7.1.2.3+dfsg1-1ubuntu0.1?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:7.1.2.3+dfsg1-1ubuntu0.1

Affected versions

8:7.*

8:7.1.1.43+dfsg1-1

8:7.1.1.43+dfsg1-1ubuntu1

8:7.1.1.43+dfsg1-1ubuntu2

8:7.1.2.3+dfsg1-1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "8:7.1.2.3+dfsg1-1ubuntu0.1",
            "binary_name": "imagemagick"
        },
        {
            "binary_version": "8:7.1.2.3+dfsg1-1ubuntu0.1",
            "binary_name": "imagemagick-7-common"
        },
        {
            "binary_version": "8:7.1.2.3+dfsg1-1ubuntu0.1",
            "binary_name": "imagemagick-7.q16"
        },
        {
            "binary_version": "8:7.1.2.3+dfsg1-1ubuntu0.1",
            "binary_name": "imagemagick-7.q16hdri"
        },
        {
            "binary_version": "8:7.1.2.3+dfsg1-1ubuntu0.1",
            "binary_name": "libimage-magick-perl"
        },
        {
            "binary_version": "8:7.1.2.3+dfsg1-1ubuntu0.1",
            "binary_name": "libimage-magick-q16-perl"
        },
        {
            "binary_version": "8:7.1.2.3+dfsg1-1ubuntu0.1",
            "binary_name": "libimage-magick-q16hdri-perl"
        },
        {
            "binary_version": "8:7.1.2.3+dfsg1-1ubuntu0.1",
            "binary_name": "libmagick++-7-headers"
        },
        {
            "binary_version": "8:7.1.2.3+dfsg1-1ubuntu0.1",
            "binary_name": "libmagick++-7.q16-5"
        },
        {
            "binary_version": "8:7.1.2.3+dfsg1-1ubuntu0.1",
            "binary_name": "libmagick++-7.q16hdri-5"
        },
        {
            "binary_version": "8:7.1.2.3+dfsg1-1ubuntu0.1",
            "binary_name": "libmagickcore-7-arch-config"
        },
        {
            "binary_version": "8:7.1.2.3+dfsg1-1ubuntu0.1",
            "binary_name": "libmagickcore-7-headers"
        },
        {
            "binary_version": "8:7.1.2.3+dfsg1-1ubuntu0.1",
            "binary_name": "libmagickcore-7.q16-10"
        },
        {
            "binary_version": "8:7.1.2.3+dfsg1-1ubuntu0.1",
            "binary_name": "libmagickcore-7.q16-10-extra"
        },
        {
            "binary_version": "8:7.1.2.3+dfsg1-1ubuntu0.1",
            "binary_name": "libmagickcore-7.q16hdri-10"
        },
        {
            "binary_version": "8:7.1.2.3+dfsg1-1ubuntu0.1",
            "binary_name": "libmagickcore-7.q16hdri-10-extra"
        },
        {
            "binary_version": "8:7.1.2.3+dfsg1-1ubuntu0.1",
            "binary_name": "libmagickwand-7-headers"
        },
        {
            "binary_version": "8:7.1.2.3+dfsg1-1ubuntu0.1",
            "binary_name": "libmagickwand-7.q16-10"
        },
        {
            "binary_version": "8:7.1.2.3+dfsg1-1ubuntu0.1",
            "binary_name": "libmagickwand-7.q16hdri-10"
        },
        {
            "binary_version": "8:7.1.2.3+dfsg1-1ubuntu0.1",
            "binary_name": "perlmagick"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-25794.json"