CVE-2026-25982 — ThreaTel

THREATEL Threat Intel

v0.1

CVE-2026-25982

MED 6.5

Published

2026-02-24

Last Modified

2026-02-25

Affected Apps

13

Affected Devices

49

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap out-of-bounds read vulnerability exists in the `coders/dcm.c` module. When processing DICOM files with a specific configuration, the decoder loop incorrectly reads bytes per iteration. This causes the function to read past the end of the allocated buffer, potentially leading to a Denial of Service (crash) or Information Disclosure (leaking heap memory into the image). Versions 7.1.2-15 and 6.9.13-40 contain a patch.

Affected Applications in Environment 13

ImageMagick v7.1.1-32

ImageMagick v6.9.10.68-6.el7_9

ImageMagick v7.1.2-13

ImageMagick v0:6.9.13.25-1.el8

ImageMagick v7.0.5

imagemagick v8:6.9.12.98+dfsg1-5.2build2

imagemagick v8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5

imagemagick v8:6.9.11.60+dfsg-1.6+deb12u4

imagemagick v8:6.8.9.9-7ubuntu5.16+esm19

imagemagick v8:6.9.10.23+dfsg-2.1ubuntu11.11

imagemagick v8:6.9.11.60+dfsg-1.3+deb11u10

imagemagick v8:6.9.11.60+dfsg-1.3+deb11u9

imagemagick v8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm6

Affected Devices 49

ATWOOD-PD-BSMTH Windows BSTEVENS Windows MILLPRODWEB Windows blakeutil Linux cceredcapweb Linux dpapsb-191594.mypc.usu.edu Linux fw Linux guru.cluster Linux hotcheeto Linux itfinance Linux kcm.usu.edu Linux librenms Linux omekanew Linux owenclarke-OptiPlex-7090 Linux redcapweb Linux starfleetpad Linux storm Linux tsutil.it.usu.edu Linux web-lb01-redirect.usu.edu Linux web-lb02-redirect.usu.edu Linux web-lb03-redirect.usu.edu Linux web02.usu.edu Linux web03.usu.edu Linux web08.usu.edu Linux web09.usu.edu Linux web10 Linux web10-awhc Linux web10-awhc Linux web11.usu.edu Linux web12.usu.edu Linux web13.usu.edu Linux web14.usu.edu Linux web15.usu.edu Linux web16.usu.edu Linux web17 Linux web18 Linux web19.usu.edu Linux web20 Linux web25 Linux web27.usu.edu Linux web29.usu.edu Linux web30.usu.edu Linux web31.usu.edu Linux web32.usu.edu Linux web33.usu.edu Linux web34.usu.edu Linux web35.usu.edu Linux web36.usu.edu Linux web37.usu.edu Linux

References 1

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pmq6-8289-hx3v