CVE-2026-25984
ImageMagick: Integer Overflow in PSB (PSD v2) RLE decoding path causes heap Out of Bounds reads for 32-bit builds
Description
An integer overflow in the PSB (PSD v2) RLE decoding path causes a heap out-of-bounds read on 32-bit builds. This can lead to information disclosure or a crash when processing crafted PSB files. ``` ================================================================= ==3298==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf512eb00 at pc 0xf76760b5 bp 0xffc1dfb8 sp 0xffc1dfa8 READ of size 8 at 0xf512eb00 thread T0 #0 0xf76760b4 in ReadPSDChannelRLE coders/psd.c:1141 ```
How to fix CVE-2026-25984
To remediate CVE-2026-25984, upgrade the affected package to a fixed version below.
- —upgrade to 14.10.3 or later
- —upgrade to 14.10.3 or later
- —upgrade to 14.10.3 or later
- —upgrade to 14.10.3 or later
- —upgrade to 14.10.3 or later
- —upgrade to 14.10.3 or later
- —upgrade to 14.10.3 or later
- —upgrade to 14.10.3 or later
- —upgrade to 14.10.3 or later
- —upgrade to 14.10.3 or later
- —upgrade to 14.10.3 or later
- —upgrade to 14.10.3 or later
- —upgrade to 14.10.3 or later
- —upgrade to 14.10.3 or later
- —upgrade to 14.10.3 or later
- —
Is CVE-2026-25984 being exploited?
No exploitation signal available. Neither CISA KEV nor a current EPSS score has been published for CVE-2026-25984.
Affected packages (19)
- from 0, < 14.10.3
- from 0, < 14.10.3
- from 0, < 14.10.3
- from 0, < 14.10.3
- from 0, < 14.10.3
- from 0, < 14.10.3
- from 0, < 14.10.3
- from 0, < 14.10.3
- from 0, < 14.10.3
- from 0, < 14.10.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | LOW3.7 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |