{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25797", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-05T19:58:01.640Z", "datePublished": "2026-02-24T01:01:22.025Z", "dateUpdated": "2026-02-24T01:01:22.025Z"}, "containers": {"cna": {"title": "ImageMagick vulnerable to Code injection via PostScript header in ps coders", "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "lang": "en", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rw6c-xp26-225v", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rw6c-xp26-225v"}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"version": ">= 7.0.0, < 7.1.2-15", "status": "affected"}, {"version": "< 6.9.13-40", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-24T01:01:22.025Z"}, "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, fails to sanitize the input before writing it into the PostScript header. An attacker can provide a malicous file and inject arbitrary PostScript code. When the resulting file is processed by a printer or a viewer (like Ghostscript), the injected code is interpreted and executed. The html encoder does not properly escape strings that are written to in the html document. An attacker can provide a malicious file and injection arbitrary html code. Versions 7.1.2-15 and 6.9.13-40 contain a patch."}], "source": {"advisory": "GHSA-rw6c-xp26-225v", "discovery": "UNKNOWN"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, fails to sanitize the input before writing it into the PostScript header. An attacker can provide a malicous file and inject arbitrary PostScript code. When the resulting file is processed by a printer or a viewer (like Ghostscript), the injected code is interpreted and executed. The html encoder does not properly escape strings that are written to in the html document. An attacker can provide a malicious file and injection arbitrary html code. Versions 7.1.2-15 and 6.9.13-40 contain a patch."}], "id": "CVE-2026-25797", "lastModified": "2026-02-24T14:13:49.320", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-24T01:16:14.450", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rw6c-xp26-225v"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "ImageMagick: ImageMagick: Arbitrary code execution via crafted PostScript files", "id": "2442106", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442106"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", "status": "draft"}, "cwe": "CWE-94", "details": ["A flaw was found in ImageMagick, a software used for editing and manipulating digital images. This vulnerability allows an attacker to inject malicious code into PostScript files due to improper input sanitization in the PostScript coders. When a specially crafted file is processed by a printer or viewer, this injected code can be executed, potentially leading to arbitrary code execution. A similar issue exists in the HTML encoder, where improper escaping of strings could allow for arbitrary HTML injection."], "mitigation": {"lang": "en:us", "value": "To mitigate this vulnerability, restrict ImageMagick's ability to process untrusted input files, especially when generating PostScript output. Alternatively, disable the PostScript (PS) coder in ImageMagick's policy configuration to prevent the creation of potentially malicious PostScript files. This can be achieved by editing the ImageMagick policy file, typically located at /etc/ImageMagick-X/policy.xml (where X is the ImageMagick version), and adding or modifying a policy entry to disable the 'PS' format. For example, add <policy domain=\"coder\" rights=\"none\" pattern=\"PS\" /> within the <policymap> tags. This action may impact applications that rely on ImageMagick's ability to write PostScript files. A service restart may be required for changes to take effect."}, "name": "CVE-2026-25797", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2026-02-24T01:01:22Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-25797\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-25797\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rw6c-xp26-225v"], "statement": "This vulnerability has a MODERATE impact. ImageMagick's PostScript coders, as shipped in Red Hat Enterprise Linux 6 ELS and 7 ELS, are susceptible to arbitrary code injection. Processing a specially crafted file could lead to the execution of malicious PostScript code when rendered by a printer or viewer.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.0.0,7.1.2-15)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.9.13-40)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ImageMagick", "source": "cna", "vendor": "ImageMagick"}, "product": "imagemagick", "vendor": "imagemagick"}], "created": "2026-02-24T09:54:08.112198+00:00", "updated": "2026-02-24T09:54:08.112279+00:00", "vendors": ["imagemagick", "imagemagick$PRODUCT$imagemagick"]}