Volerion logoVolerion
Volerion logoVolerion

ImageMagick Stack-Based Buffer Overflow Vulnerability in FTXT Image Reader

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the ImageMagick FTXT image reader, in versions prior to 7.1.2-15. This vulnerability allows crafted FTXT files to cause out-of-bounds writes on the stack, leading to crashes. The issue has been patched in version 7.1.2-15.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, causing out-of-bounds writes on the stack and resulting in a crash. Such stack-based buffer overflows can often be exploited to execute arbitrary code.

Reproduction

The vulnerability can be reproduced by using ImageMagick to process a crafted FTXT file that is designed to exploit the buffer overflow. This can be done by using the 'convert' command or any other ImageMagick tool that reads FTXT files, and specifying the crafted file as input. The AddressSanitizer will report a stack-buffer-overflow error, indicating that the vulnerability has been successfully exploited.

Remediation

Users should upgrade to ImageMagick version 7.1.2-15 or later, where this vulnerability has been patched.

Added: Feb 24, 2026, 2:29 AM
Updated: Feb 24, 2026, 2:29 AM

Vulnerability Rating

Custom Algorithm
spread
7.8
impact
2.5
exploitability
3.6
remediation
7.7
relevance
3.1
threat
1.6
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.