Vulnerability Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, fails to sanitize the input before writing it into the PostScript header. An attacker can provide a malicous file and inject arbitrary PostScript code. When the resulting file is processed by a printer or a viewer (like Ghostscript), the injected code is interpreted and executed. The html encoder does not properly escape strings that are written to in the html document. An attacker can provide a malicious file and injection arbitrary html code. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Imagemagick | Imagemagick | < 6.9.13-40 |
Related Weaknesses (CWE)
References
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rw6c-xp26-22Third Party Advisory
FAQ
What is CVE-2026-25797?
CVE-2026-25797 is a vulnerability with a CVSS score of 5.7 (MEDIUM). ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, fails ...
How severe is CVE-2026-25797?
CVE-2026-25797 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-25797?
Check the references section above for vendor advisories and patch information. Affected products include: Imagemagick Imagemagick.