Primary

Context

ImageMagick NULL Pointer Dereference Vulnerability in ReadSFWImage

Vulnerability

Patched

A NULL pointer dereference vulnerability has been identified in ImageMagick versions prior to 7.1.2-15 and 6.9.13-40. The issue occurs in the ReadSFWImage function within coders/sfw.c. When the creation of temporary files fails, the read_info structure is destroyed before its filename member can be accessed, leading to a crash. This vulnerability has been patched in versions 7.1.2-15 and 6.9.13-40.

Impact

Exploitation of this vulnerability leads to a crash of the ImageMagick application, caused by a NULL pointer dereference.

Added: Feb 24, 2026, 1:49 AM

Updated: Feb 24, 2026, 1:49 AM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

2.5

exploitability

4.3

remediation

7.7

relevance

3.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

2.5

exploitability

4.3

remediation

7.7

relevance

3.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ImageMagick NULL Pointer Dereference Vulnerability in ReadSFWImage

Vulnerability

Impact

Affected Products

ImageMagick

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating