CVE-2026-25989

ImageMagick: Integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG decoder

Description

A crafted SVG file can cause a denial of service. An off-by-one boundary check (> instead of >=) that allows bypass the guard and reach an undefined (size_t) cast.

Patch Available

Fix available through Seal Security.  
No upgrade required, protect your application instantly.

Fix without upgrading

Score

7.5

Severity

High

Ecosystem

RPM

Publish Date

February 24, 2026

Modified Date

February 24, 2026

Score Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Versions