{
  "threat_severity" : "Moderate",
  "public_date" : "2026-02-24T00:54:34Z",
  "bugzilla" : {
    "description" : "ImageMagick: Denial of Service due to NULL pointer dereference during temporary file creation failure",
    "id" : "2442099",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2442099"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-476",
  "details" : [ "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()` (`coders/sfw.c`), when temporary file creation fails, `read_info` is destroyed before its `filename` member is accessed, causing a NULL pointer dereference and crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "A flaw was found in ImageMagick, a widely used image editing and manipulation software. This vulnerability arises from a NULL pointer dereference that occurs when the software attempts to create temporary files and fails. An attacker could exploit this issue to trigger an application crash, leading to a Denial of Service (DoS)." ],
  "statement" : "This MODERATE impact flaw in ImageMagick can lead to a denial of service due to a NULL pointer dereference when processing a crafted SFW image file. The vulnerability occurs if temporary file creation fails during image processing. Red Hat Enterprise Linux 6 ELS and 7 ELS are affected by this flaw.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "ImageMagick",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "ImageMagick",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-25795\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-25795\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p33r-fqw2-rqmm" ],
  "name" : "CVE-2026-25795",
  "mitigation" : {
    "value" : "To reduce the risk associated with this vulnerability, avoid processing untrusted SFW image files with ImageMagick, for example by denying the SFW coder in ImageMagick's policy.xml (a coder-domain policy with rights set to none). If ImageMagick is deployed in environments where it processes untrusted input, consider implementing sandboxing or resource limits for ImageMagick processes to contain potential crashes and limit impact.",
    "lang" : "en:us"
  },
  "csaw" : false
}