{"vulnerability": "cve-2026-53462", "sightings": [{"uuid": "8d8d4a70-fe97-4071-a72e-e77034d71c80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53462", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mny5bfxp7c2v", "content": "CVE-2026-53462 - ImageMagick: Use-After-Free when allocation in CheckPrimitiveExtent fails\nCVE ID : CVE-2026-53462\n \n Published : June 10, 2026, 11:16 p.m. | 2\u00a0hours, 1\u00a0minute ago\n \n Description : ImageMagick is free and open-source software used for editing and manipulating d...", "creation_timestamp": "2026-06-11T02:06:27.187508Z"}, {"uuid": "2cd258ea-7cd8-4c9b-bec7-d9577f298bc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53462", "type": "seen", "source": "https://gist.github.com/alon710/8649cee74b41dfbab6352036ad771ea3", "content": "# CVE-2026-53462: CVE-2026-53462: Heap Use-After-Free Vulnerability in ImageMagick Vector Drawing Subsystem\n\n> **CVSS Score:** 5.9\n> **Published:** 2026-06-26\n> **Full Report:** https://cvereports.com/reports/CVE-2026-53462\n\n## Summary\nCVE-2026-53462 is a heap Use-After-Free (UAF) vulnerability in ImageMagick's vector drawing subsystem, specifically within the coordinate allocation mechanism in CheckPrimitiveExtent. By parsing a crafted vector image (such as SVG or MVG) with extremely complex primitives, an attacker can trigger a memory reallocation failure. If the application fails to handle this allocation failure cleanly, it leaves a dangling pointer that can subsequently be accessed or freed again, causing memory corruption or an application crash.\n\n## TL;DR\nA heap Use-After-Free vulnerability in ImageMagick's drawing engine can be triggered via crafted vector images, potentially leading to denial of service or remote code execution.\n\n## Technical Details\n\n- **CWE ID**: CWE-416 (Use After Free)\n- **Attack Vector**: Network (AV:N)\n- **CVSS v3.1 Score**: 5.9 (Medium)\n- **EPSS Score**: 0.00227 (Percentile: 13.34%)\n- **Impact**: Availability (High)\n- **Exploit Status**: None (No public exploits or weaponized payloads)\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- ImageMagick 6.x installations prior to version 6.9.13-50\n- ImageMagick 7.x installations prior to version 7.1.2-25\n- **ImageMagick**: < 6.9.13-50 (Fixed in: `6.9.13-50`)\n- **ImageMagick**: >= 7.0.0-0, < 7.1.2-25 (Fixed in: `7.1.2-25`)\n\n## Mitigation\n\n- Upgrade to ImageMagick 6.9.13-50 (legacy branch) or 7.1.2-25 (modern branch) or newer.\n- Disable parsing of vulnerable vector formats (SVG, MVG, PDF, EPS, PS) via policy.xml configuration.\n- Enforce strict memory limits inside ImageMagick's policy.xml to mitigate memory allocation manipulation.\n\n**Remediation Steps:**\n1. Identify vulnerable ImageMagick deployments using local container scanning, host package managers, or software composition analysis.\n2. Deploy security updates or compile from patched sources for both 6.x and 7.x code paths.\n3. Configure ImageMagick policy.xml file to restrict vector file processing capabilities if updates cannot be immediately applied.\n\n## References\n\n- [Official GitHub Security Advisory](https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-px7q-ggqj-hcf2)\n- [Magick.NET Release Package Info (Wrapper Fix)](https://github.com/dlemstra/Magick.NET/releases/tag/14.14.0)\n- [Official CVE Record](https://www.cve.org/CVERecord?id=CVE-2026-53462)\n- [Wiz Vulnerability Analysis Portal](https://www.wiz.io/vulnerability-database/cve/cve-2026-53462)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-53462) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-26T16:42:20.253067Z"}, {"uuid": "644e032c-2bfa-48d2-aa3f-9df196ec8780", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53462", "type": "seen", "source": "https://gist.github.com/alon710/ab6fb045bc60bbc32d947423444fcf91", "content": "# CVE-2026-53462: CVE-2026-53462: Heap Use-After-Free Vulnerability in ImageMagick Vector Drawing Subsystem\n\n> **CVSS Score:** 5.9\n> **Published:** 2026-06-26\n> **Full Report:** https://cvereports.com/reports/CVE-2026-53462\n\n## Summary\nCVE-2026-53462 is a heap Use-After-Free (UAF) vulnerability in ImageMagick's vector drawing subsystem, specifically within the coordinate allocation mechanism in CheckPrimitiveExtent. By parsing a crafted vector image (such as SVG or MVG) with extremely complex primitives, an attacker can trigger a memory reallocation failure. If the application fails to handle this allocation failure cleanly, it leaves a dangling pointer that can subsequently be accessed or freed again, causing memory corruption or an application crash.\n\n## TL;DR\nA heap Use-After-Free vulnerability in ImageMagick's drawing engine can be triggered via crafted vector images, potentially leading to denial of service or remote code execution.\n\n## Technical Details\n\n- **CWE ID**: CWE-416 (Use After Free)\n- **Attack Vector**: Network (AV:N)\n- **CVSS v3.1 Score**: 5.9 (Medium)\n- **EPSS Score**: 0.00227 (Percentile: 13.34%)\n- **Impact**: Availability (High)\n- **Exploit Status**: None (No public exploits or weaponized payloads)\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- ImageMagick 6.x installations prior to version 6.9.13-50\n- ImageMagick 7.x installations prior to version 7.1.2-25\n- **ImageMagick**: < 6.9.13-50 (Fixed in: `6.9.13-50`)\n- **ImageMagick**: >= 7.0.0-0, < 7.1.2-25 (Fixed in: `7.1.2-25`)\n\n## Mitigation\n\n- Upgrade to ImageMagick 6.9.13-50 (legacy branch) or 7.1.2-25 (modern branch) or newer.\n- Disable parsing of vulnerable vector formats (SVG, MVG, PDF, EPS, PS) via policy.xml configuration.\n- Enforce strict memory limits inside ImageMagick's policy.xml to mitigate memory allocation manipulation.\n\n**Remediation Steps:**\n1. Identify vulnerable ImageMagick deployments using local container scanning, host package managers, or software composition analysis.\n2. Deploy security updates or compile from patched sources for both 6.x and 7.x code paths.\n3. Configure ImageMagick policy.xml file to restrict vector file processing capabilities if updates cannot be immediately applied.\n\n## References\n\n- [Official GitHub Security Advisory](https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-px7q-ggqj-hcf2)\n- [Magick.NET Release Package Info (Wrapper Fix)](https://github.com/dlemstra/Magick.NET/releases/tag/14.14.0)\n- [Official CVE Record](https://www.cve.org/CVERecord?id=CVE-2026-53462)\n- [Wiz Vulnerability Analysis Portal](https://www.wiz.io/vulnerability-database/cve/cve-2026-53462)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-53462) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-26T16:52:45.690303Z"}]}