Vulnerability-Lookup

WID-SEC-W-2026-1075

Vulnerability from csaf_certbund - Published: 2026-04-13 22:00 - Updated: 2026-06-14 22:00

Summary

ImageMagick: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: ImageMagick ist eine Sammlung von Programmbibliotheken und Werkzeugen, die Grafiken in zahlreichen Formaten verarbeiten kann.

Angriff: Ein Angreifer kann mehrere Schwachstellen in ImageMagick ausnutzen, um einen Denial of Service Angriff durchzuführen oder andere, nicht näher spezifizierte Auswirkungen zu erreichen.

Betroffene Betriebssysteme: - Sonstiges - UNIX - Windows

CVE-2026-33899

Affected products

Known affected 7 products

Product	Identifier	Version
Open Source ImageMagick <6.9.13-44 Open Source / ImageMagick		<6.9.13-44
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source ImageMagick <7.1.2-19 Open Source / ImageMagick		<7.1.2-19
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-33900

Affected products

Known affected 7 products

Product	Identifier	Version
Open Source ImageMagick <6.9.13-44 Open Source / ImageMagick		<6.9.13-44
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source ImageMagick <7.1.2-19 Open Source / ImageMagick		<7.1.2-19
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-33901

Affected products

Known affected 7 products

Product	Identifier	Version
Open Source ImageMagick <6.9.13-44 Open Source / ImageMagick		<6.9.13-44
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source ImageMagick <7.1.2-19 Open Source / ImageMagick		<7.1.2-19
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-33902

Affected products

Known affected 7 products

Product	Identifier	Version
Open Source ImageMagick <6.9.13-44 Open Source / ImageMagick		<6.9.13-44
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source ImageMagick <7.1.2-19 Open Source / ImageMagick		<7.1.2-19
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-33905

Affected products

Known affected 7 products

Product	Identifier	Version
Open Source ImageMagick <6.9.13-44 Open Source / ImageMagick		<6.9.13-44
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source ImageMagick <7.1.2-19 Open Source / ImageMagick		<7.1.2-19
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-33908

Affected products

Known affected 7 products

Product	Identifier	Version
Open Source ImageMagick <6.9.13-44 Open Source / ImageMagick		<6.9.13-44
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source ImageMagick <7.1.2-19 Open Source / ImageMagick		<7.1.2-19
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-34238

Affected products

Known affected 7 products

Product	Identifier	Version
Open Source ImageMagick <6.9.13-44 Open Source / ImageMagick		<6.9.13-44
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source ImageMagick <7.1.2-19 Open Source / ImageMagick		<7.1.2-19
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-40169

Affected products

Known affected 7 products

Product	Identifier	Version
Open Source ImageMagick <6.9.13-44 Open Source / ImageMagick		<6.9.13-44
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source ImageMagick <7.1.2-19 Open Source / ImageMagick		<7.1.2-19
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-40183

Affected products

Known affected 7 products

Product	Identifier	Version
Open Source ImageMagick <6.9.13-44 Open Source / ImageMagick		<6.9.13-44
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source ImageMagick <7.1.2-19 Open Source / ImageMagick		<7.1.2-19
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-40310

Affected products

Known affected 7 products

Product	Identifier	Version
Open Source ImageMagick <6.9.13-44 Open Source / ImageMagick		<6.9.13-44
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source ImageMagick <7.1.2-19 Open Source / ImageMagick		<7.1.2-19
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-40311

Affected products

Known affected 7 products

Product	Identifier	Version
Open Source ImageMagick <6.9.13-44 Open Source / ImageMagick		<6.9.13-44
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source ImageMagick <7.1.2-19 Open Source / ImageMagick		<7.1.2-19
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-40312

Affected products

Known affected 7 products

Product	Identifier	Version
Open Source ImageMagick <6.9.13-44 Open Source / ImageMagick		<6.9.13-44
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source ImageMagick <7.1.2-19 Open Source / ImageMagick		<7.1.2-19
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

References

37 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://github.com/ImageMagick/ImageMagick/securi…	external
https://github.com/ImageMagick/ImageMagick/securi…	external
https://github.com/ImageMagick/ImageMagick/securi…	external
https://github.com/ImageMagick/ImageMagick/securi…	external
https://github.com/ImageMagick/ImageMagick/securi…	external
https://github.com/ImageMagick/ImageMagick/securi…	external
https://github.com/ImageMagick/ImageMagick/securi…	external
https://github.com/ImageMagick/ImageMagick/securi…	external
https://github.com/ImageMagick/ImageMagick/securi…	external
https://github.com/ImageMagick/ImageMagick/securi…	external
https://github.com/ImageMagick/ImageMagick/securi…	external
https://github.com/ImageMagick/ImageMagick/securi…	external
https://github.com/ImageMagick/ImageMagick/securi…	external
https://github.com/ImageMagick/ImageMagick/securi…	external
https://github.com/ImageMagick/ImageMagick/securi…	external
https://github.com/ImageMagick/ImageMagick/securi…	external
https://github.com/ImageMagick/ImageMagick/securi…	external
https://github.com/ImageMagick/ImageMagick/securi…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://alas.aws.amazon.com/AL2/ALAS2-2026-3278.html	external
https://lists.debian.org/debian-lts-announce/2026…	external
https://lists.debian.org/debian-security-announce…	external
https://security-tracker.debian.org/tracker/DSA-6245-1	external
https://lists.debian.org/debian-security-announce…	external
https://lists.debian.org/debian-lts-announce/2026…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "ImageMagick ist eine Sammlung von Programmbibliotheken und Werkzeugen, die Grafiken in zahlreichen Formaten verarbeiten kann.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in ImageMagick ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren oder andere, nicht n\u00e4her spezifizierte Auswirkungen zu erreichen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1075 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1075.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1075 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1075"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-26qp-ffjh-2x4v vom 2026-04-13",
        "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-26qp-ffjh-2x4v"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-5592-p365-24xh vom 2026-04-13",
        "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5592-p365-24xh"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-5xg3-585r-9jh5 vom 2026-04-13",
        "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5xg3-585r-9jh5"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-8vfj-q2cp-5m5j vom 2026-04-13",
        "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8vfj-q2cp-5m5j"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-98cp-rj9f-6v5g vom 2026-04-13",
        "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-98cp-rj9f-6v5g"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-cr67-pvmx-2pp2 vom 2026-04-13",
        "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cr67-pvmx-2pp2"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-f4qm-vj5j-9xpw vom 2026-04-13",
        "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-f4qm-vj5j-9xpw"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-fwvm-ggf6-2p4x vom 2026-04-13",
        "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwvm-ggf6-2p4x"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-jvgr-9ph5-m8v4 vom 2026-04-13",
        "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jvgr-9ph5-m8v4"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-pcvx-ph33-r5vv vom 2026-04-13",
        "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pcvx-ph33-r5vv"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-pmpg-6pww-fg6q vom 2026-04-13",
        "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pmpg-6pww-fg6q"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-pwg5-6jfc-crvh vom 2026-04-13",
        "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pwg5-6jfc-crvh"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-q8h3-jv9v-57qx vom 2026-04-13",
        "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q8h3-jv9v-57qx"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-r83h-crwp-3vm7 vom 2026-04-13",
        "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r83h-crwp-3vm7"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-v67w-737x-v2c9 vom 2026-04-13",
        "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v67w-737x-v2c9"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-w54j-7wpm-crhj vom 2026-04-13",
        "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-w54j-7wpm-crhj"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-x928-4434-crqj vom 2026-04-13",
        "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-x928-4434-crqj"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-x9h5-r9v2-vcww vom 2026-04-13",
        "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-x9h5-r9v2-vcww"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10559-1 vom 2026-04-17",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NELZU7XXA5ZZZAED2X2TB2L3JPKZXEZ4/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1497-1 vom 2026-04-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025482.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:20606-1 vom 2026-04-23",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MQXXAXP3BBC7UBZBY5IXWJ25D2TKIVPN/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1596-1 vom 2026-04-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025624.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1597-1 vom 2026-04-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025623.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1598-1 vom 2026-04-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025622.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21380-1 vom 2026-04-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025727.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2026-3278 vom 2026-04-30",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3278.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4559 vom 2026-05-01",
        "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00003.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6245 vom 2026-05-04",
        "url": "https://lists.debian.org/debian-security-announce/2026/msg00156.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6245 vom 2026-05-03",
        "url": "https://security-tracker.debian.org/tracker/DSA-6245-1"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6240 vom 2026-05-04",
        "url": "https://lists.debian.org/debian-security-announce/2026/msg00151.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4609 vom 2026-05-31",
        "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00054.html"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2026-FB9A9AB1E9 vom 2026-06-09",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-fb9a9ab1e9"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2026-2D971FC3B0 vom 2026-06-09",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-2d971fc3b0"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2026-BC7538A3D7 vom 2026-06-12",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-bc7538a3d7"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2026-49C3A0FFA2 vom 2026-06-12",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-49c3a0ffa2"
      }
    ],
    "source_lang": "en-US",
    "title": "ImageMagick: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-06-14T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-15T08:00:13.656+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1075",
      "initial_release_date": "2026-04-13T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-04-13T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-04-19T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2026-04-20T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-04-22T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2026-04-26T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-04-28T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-04-29T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2026-05-03T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2026-05-31T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2026-06-09T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2026-06-14T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Fedora aufgenommen"
        }
      ],
      "status": "final",
      "version": "11"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c7.1.2-19",
                "product": {
                  "name": "Open Source ImageMagick \u003c7.1.2-19",
                  "product_id": "T052716"
                }
              },
              {
                "category": "product_version",
                "name": "7.1.2-19",
                "product": {
                  "name": "Open Source ImageMagick 7.1.2-19",
                  "product_id": "T052716-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:imagemagick:imagemagick:7.1.2-19"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.9.13-44",
                "product": {
                  "name": "Open Source ImageMagick \u003c6.9.13-44",
                  "product_id": "T052717"
                }
              },
              {
                "category": "product_version",
                "name": "6.9.13-44",
                "product": {
                  "name": "Open Source ImageMagick 6.9.13-44",
                  "product_id": "T052717-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:imagemagick:imagemagick:6.9.13-44"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "ImageMagick"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-33899",
      "product_status": {
        "known_affected": [
          "T052717",
          "2951",
          "T002207",
          "T052716",
          "T027843",
          "398363",
          "74185"
        ]
      },
      "release_date": "2026-04-13T22:00:00.000+00:00",
      "title": "CVE-2026-33899"
    },
    {
      "cve": "CVE-2026-33900",
      "product_status": {
        "known_affected": [
          "T052717",
          "2951",
          "T002207",
          "T052716",
          "T027843",
          "398363",
          "74185"
        ]
      },
      "release_date": "2026-04-13T22:00:00.000+00:00",
      "title": "CVE-2026-33900"
    },
    {
      "cve": "CVE-2026-33901",
      "product_status": {
        "known_affected": [
          "T052717",
          "2951",
          "T002207",
          "T052716",
          "T027843",
          "398363",
          "74185"
        ]
      },
      "release_date": "2026-04-13T22:00:00.000+00:00",
      "title": "CVE-2026-33901"
    },
    {
      "cve": "CVE-2026-33902",
      "product_status": {
        "known_affected": [
          "T052717",
          "2951",
          "T002207",
          "T052716",
          "T027843",
          "398363",
          "74185"
        ]
      },
      "release_date": "2026-04-13T22:00:00.000+00:00",
      "title": "CVE-2026-33902"
    },
    {
      "cve": "CVE-2026-33905",
      "product_status": {
        "known_affected": [
          "T052717",
          "2951",
          "T002207",
          "T052716",
          "T027843",
          "398363",
          "74185"
        ]
      },
      "release_date": "2026-04-13T22:00:00.000+00:00",
      "title": "CVE-2026-33905"
    },
    {
      "cve": "CVE-2026-33908",
      "product_status": {
        "known_affected": [
          "T052717",
          "2951",
          "T002207",
          "T052716",
          "T027843",
          "398363",
          "74185"
        ]
      },
      "release_date": "2026-04-13T22:00:00.000+00:00",
      "title": "CVE-2026-33908"
    },
    {
      "cve": "CVE-2026-34238",
      "product_status": {
        "known_affected": [
          "T052717",
          "2951",
          "T002207",
          "T052716",
          "T027843",
          "398363",
          "74185"
        ]
      },
      "release_date": "2026-04-13T22:00:00.000+00:00",
      "title": "CVE-2026-34238"
    },
    {
      "cve": "CVE-2026-40169",
      "product_status": {
        "known_affected": [
          "T052717",
          "2951",
          "T002207",
          "T052716",
          "T027843",
          "398363",
          "74185"
        ]
      },
      "release_date": "2026-04-13T22:00:00.000+00:00",
      "title": "CVE-2026-40169"
    },
    {
      "cve": "CVE-2026-40183",
      "product_status": {
        "known_affected": [
          "T052717",
          "2951",
          "T002207",
          "T052716",
          "T027843",
          "398363",
          "74185"
        ]
      },
      "release_date": "2026-04-13T22:00:00.000+00:00",
      "title": "CVE-2026-40183"
    },
    {
      "cve": "CVE-2026-40310",
      "product_status": {
        "known_affected": [
          "T052717",
          "2951",
          "T002207",
          "T052716",
          "T027843",
          "398363",
          "74185"
        ]
      },
      "release_date": "2026-04-13T22:00:00.000+00:00",
      "title": "CVE-2026-40310"
    },
    {
      "cve": "CVE-2026-40311",
      "product_status": {
        "known_affected": [
          "T052717",
          "2951",
          "T002207",
          "T052716",
          "T027843",
          "398363",
          "74185"
        ]
      },
      "release_date": "2026-04-13T22:00:00.000+00:00",
      "title": "CVE-2026-40311"
    },
    {
      "cve": "CVE-2026-40312",
      "product_status": {
        "known_affected": [
          "T052717",
          "2951",
          "T002207",
          "T052716",
          "T027843",
          "398363",
          "74185"
        ]
      },
      "release_date": "2026-04-13T22:00:00.000+00:00",
      "title": "CVE-2026-40312"
    }
  ]
}

CVE-2026-33899 (GCVE-0-2026-33899)

Vulnerability from cvelistv5 – Published: 2026-04-13 20:46 – Updated: 2026-04-16 13:26

Title

ImageMagick: Heap BufferOverflow write of single zero byte when parsing XML

Summary

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when `Magick` parses an XML file it is possible that a single zero byte is written out of the bounds. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-122 - Heap-based Buffer Overflow
CWE-191 - Integer Underflow (Wrap or Wraparound)

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/ImageMagick/ImageMagick/securi…	x_refsource_CONFIRM
https://github.com/ImageMagick/ImageMagick/commit…	x_refsource_MISC
https://github.com/ImageMagick/ImageMagick/releas…	x_refsource_MISC
https://github.com/dlemstra/Magick.NET/releases/t…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
ImageMagick	ImageMagick	Affected: < 6.9.13-44 Affected: < 7.1.2-19

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33899",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-16T13:22:04.220155Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-16T13:26:40.513Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ImageMagick",
          "vendor": "ImageMagick",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 6.9.13-44"
            },
            {
              "status": "affected",
              "version": "\u003c 7.1.2-19"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when `Magick` parses an XML file it is possible that a single zero byte is written out of the bounds. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-191",
              "description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T20:46:43.781Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cr67-pvmx-2pp2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cr67-pvmx-2pp2"
        },
        {
          "name": "https://github.com/ImageMagick/ImageMagick/commit/ae679e2fd19ec656bfab9f822ae4cf06bf91604d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/commit/ae679e2fd19ec656bfab9f822ae4cf06bf91604d"
        },
        {
          "name": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19"
        },
        {
          "name": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0"
        }
      ],
      "source": {
        "advisory": "GHSA-cr67-pvmx-2pp2",
        "discovery": "UNKNOWN"
      },
      "title": "ImageMagick: Heap BufferOverflow write of single zero byte when parsing XML"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33899",
    "datePublished": "2026-04-13T20:46:43.781Z",
    "dateReserved": "2026-03-24T15:41:47.490Z",
    "dateUpdated": "2026-04-16T13:26:40.513Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33900 (GCVE-0-2026-33900)

Vulnerability from cvelistv5 – Published: 2026-04-13 20:50 – Updated: 2026-04-14 16:28

Title

ImageMagick has a Heap overflow caused by integer overflow/wraparound in viff encoder on 32-bit builds

Summary

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the viff encoder contains an integer truncation/wraparound issue on 32-bit builds that could trigger an out of bounds heap write, potentially causing a crash. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.

Severity

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-190 - Integer Overflow or Wraparound

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/ImageMagick/ImageMagick/securi…	x_refsource_CONFIRM
https://github.com/ImageMagick/ImageMagick/commit…	x_refsource_MISC
https://github.com/ImageMagick/ImageMagick/releas…	x_refsource_MISC
https://github.com/dlemstra/Magick.NET/releases/t…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
ImageMagick	ImageMagick	Affected: < 6.9.13-44 Affected: < 7.1.2-19

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33900",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-14T15:29:30.528868Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-14T16:28:41.536Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ImageMagick",
          "vendor": "ImageMagick",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 6.9.13-44"
            },
            {
              "status": "affected",
              "version": "\u003c 7.1.2-19"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the viff encoder contains an integer truncation/wraparound issue on 32-bit builds that could trigger an out of bounds heap write, potentially causing a crash. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T20:59:24.130Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v67w-737x-v2c9",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v67w-737x-v2c9"
        },
        {
          "name": "https://github.com/ImageMagick/ImageMagick/commit/d27b840a61b322419a66d0d192ff56d52498148d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/commit/d27b840a61b322419a66d0d192ff56d52498148d"
        },
        {
          "name": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19"
        },
        {
          "name": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0"
        }
      ],
      "source": {
        "advisory": "GHSA-v67w-737x-v2c9",
        "discovery": "UNKNOWN"
      },
      "title": "ImageMagick has a Heap overflow caused by integer overflow/wraparound in viff encoder on 32-bit builds"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33900",
    "datePublished": "2026-04-13T20:50:19.615Z",
    "dateReserved": "2026-03-24T15:41:47.490Z",
    "dateUpdated": "2026-04-14T16:28:41.536Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33901 (GCVE-0-2026-33901)

Vulnerability from cvelistv5 – Published: 2026-04-13 20:56 – Updated: 2026-04-14 13:51

Title

ImageMagick has a Heap Buffer Overflow via MVG decoder

Summary

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-122 - Heap-based Buffer Overflow
CWE-787 - Out-of-bounds Write

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/ImageMagick/ImageMagick/securi…	x_refsource_CONFIRM
https://github.com/ImageMagick/ImageMagick/commit…	x_refsource_MISC
https://github.com/dlemstra/Magick.NET/releases/t…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
ImageMagick	ImageMagick	Affected: < 7.1.2-19 Affected: < 6.9.13-44

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33901",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-14T13:50:52.457810Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-14T13:51:00.488Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ImageMagick",
          "vendor": "ImageMagick",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.1.2-19"
            },
            {
              "status": "affected",
              "version": "\u003c 6.9.13-44"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T20:56:12.307Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-x9h5-r9v2-vcww",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-x9h5-r9v2-vcww"
        },
        {
          "name": "https://github.com/ImageMagick/ImageMagick/commit/4c72003e9e54a4ebaa938d239e75f5d285527ebe",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/commit/4c72003e9e54a4ebaa938d239e75f5d285527ebe"
        },
        {
          "name": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0"
        }
      ],
      "source": {
        "advisory": "GHSA-x9h5-r9v2-vcww",
        "discovery": "UNKNOWN"
      },
      "title": "ImageMagick has a Heap Buffer Overflow via MVG decoder"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33901",
    "datePublished": "2026-04-13T20:56:12.307Z",
    "dateReserved": "2026-03-24T15:41:47.490Z",
    "dateUpdated": "2026-04-14T13:51:00.488Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33902 (GCVE-0-2026-33902)

Vulnerability from cvelistv5 – Published: 2026-04-13 20:59 – Updated: 2026-04-14 15:51

Title

ImageMagick: Stack Overflow via Recursive FX Expression Parsing

Summary

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX expression parser allows an attacker to crash the process by providing a deeply nested expression. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-674 - Uncontrolled Recursion

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/ImageMagick/ImageMagick/securi…	x_refsource_CONFIRM
https://github.com/ImageMagick/ImageMagick/commit…	x_refsource_MISC
https://github.com/dlemstra/Magick.NET/releases/t…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
ImageMagick	ImageMagick	Affected: < 7.1.2-19 Affected: < 6.9.13-44

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33902",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-14T15:51:18.568616Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-14T15:51:26.551Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ImageMagick",
          "vendor": "ImageMagick",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.1.2-19"
            },
            {
              "status": "affected",
              "version": "\u003c 6.9.13-44"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick\u0027s FX expression parser allows an attacker to crash the process by providing a deeply nested expression. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T20:59:47.120Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-f4qm-vj5j-9xpw",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-f4qm-vj5j-9xpw"
        },
        {
          "name": "https://github.com/ImageMagick/ImageMagick/commit/d3c0a37485314c5ccef72efb18f3847cd53868ba",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/commit/d3c0a37485314c5ccef72efb18f3847cd53868ba"
        },
        {
          "name": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0"
        }
      ],
      "source": {
        "advisory": "GHSA-f4qm-vj5j-9xpw",
        "discovery": "UNKNOWN"
      },
      "title": "ImageMagick: Stack Overflow via Recursive FX Expression Parsing"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33902",
    "datePublished": "2026-04-13T20:59:47.120Z",
    "dateReserved": "2026-03-24T15:41:47.490Z",
    "dateUpdated": "2026-04-14T15:51:26.551Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33905 (GCVE-0-2026-33905)

Vulnerability from cvelistv5 – Published: 2026-04-13 21:02 – Updated: 2026-04-16 13:26

Title

ImageMagick has an Out-of-Bounds read via -sample operation

Summary

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the -sample operation has an out of bounds read when an specific offset is set through the `sample:offset` define that could lead to an out of bounds read. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-125 - Out-of-bounds Read

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/ImageMagick/ImageMagick/securi…	x_refsource_CONFIRM
https://github.com/ImageMagick/ImageMagick/commit…	x_refsource_MISC
https://github.com/ImageMagick/ImageMagick/releas…	x_refsource_MISC
https://github.com/dlemstra/Magick.NET/releases/t…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
ImageMagick	ImageMagick	Affected: < 7.1.2-19 Affected: < 6.9.13-44

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33905",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-16T13:22:18.277331Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-16T13:26:40.363Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ImageMagick",
          "vendor": "ImageMagick",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.1.2-19"
            },
            {
              "status": "affected",
              "version": "\u003c 6.9.13-44"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the -sample operation has an out of bounds read when an specific offset is set through the `sample:offset` define that could lead to an out of bounds read. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T21:02:58.121Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pcvx-ph33-r5vv",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pcvx-ph33-r5vv"
        },
        {
          "name": "https://github.com/ImageMagick/ImageMagick/commit/cca607366fb38c2dde019a9088b8415ffba3a835",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/commit/cca607366fb38c2dde019a9088b8415ffba3a835"
        },
        {
          "name": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19"
        },
        {
          "name": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0"
        }
      ],
      "source": {
        "advisory": "GHSA-pcvx-ph33-r5vv",
        "discovery": "UNKNOWN"
      },
      "title": "ImageMagick has an Out-of-Bounds read via -sample operation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33905",
    "datePublished": "2026-04-13T21:02:58.121Z",
    "dateReserved": "2026-03-24T15:41:47.491Z",
    "dateUpdated": "2026-04-16T13:26:40.363Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33908 (GCVE-0-2026-33908)

Vulnerability from cvelistv5 – Published: 2026-04-13 21:06 – Updated: 2026-04-14 16:28

Title

ImageMagick is vulnerable to Stack Overflow in DestroyXMLTree()

Summary

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, Magick frees the memory of the XML tree via the `DestroyXMLTree()` function; however, this process is executed recursively with no depth limit imposed. When Magick processes an XML file with deeply nested structures, it will exhaust the stack memory, resulting in a Denial of Service (DoS) attack. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-674 - Uncontrolled Recursion

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/ImageMagick/ImageMagick/securi…	x_refsource_CONFIRM
https://github.com/ImageMagick/ImageMagick/commit…	x_refsource_MISC
https://github.com/ImageMagick/ImageMagick/releas…	x_refsource_MISC
https://github.com/dlemstra/Magick.NET/releases/t…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
ImageMagick	ImageMagick	Affected: < 6.9.13-44 Affected: < 7.1.2-19

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33908",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-14T15:29:51.879736Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-14T16:28:36.167Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ImageMagick",
          "vendor": "ImageMagick",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 6.9.13-44"
            },
            {
              "status": "affected",
              "version": "\u003c 7.1.2-19"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, Magick frees the memory of the XML tree via the `DestroyXMLTree()` function; however, this process is executed recursively with no depth limit imposed. When Magick processes an XML file with deeply nested structures, it will exhaust the stack memory, resulting in a Denial of Service (DoS) attack. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T21:06:42.682Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwvm-ggf6-2p4x",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwvm-ggf6-2p4x"
        },
        {
          "name": "https://github.com/ImageMagick/ImageMagick/commit/ccdc01180276aa2cb3d4a32a611aa4f417061cd8",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/commit/ccdc01180276aa2cb3d4a32a611aa4f417061cd8"
        },
        {
          "name": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19"
        },
        {
          "name": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0"
        }
      ],
      "source": {
        "advisory": "GHSA-fwvm-ggf6-2p4x",
        "discovery": "UNKNOWN"
      },
      "title": "ImageMagick is vulnerable to Stack Overflow in DestroyXMLTree()"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33908",
    "datePublished": "2026-04-13T21:06:42.682Z",
    "dateReserved": "2026-03-24T15:41:47.491Z",
    "dateUpdated": "2026-04-14T16:28:36.167Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-34238 (GCVE-0-2026-34238)

Vulnerability from cvelistv5 – Published: 2026-04-13 21:14 – Updated: 2026-04-14 13:46

Title

ImageMagick: Integer overflow in despeckle operation causes heap buffer overflow on 32-bit builds

Summary

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, an integer overflow in the despeckle operation causes a heap buffer overflow on 32-bit builds that will result in an out of bounds write. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.

Severity

5.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-190 - Integer Overflow or Wraparound
CWE-787 - Out-of-bounds Write

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/ImageMagick/ImageMagick/securi…	x_refsource_CONFIRM
https://github.com/ImageMagick/ImageMagick/commit…	x_refsource_MISC
https://github.com/ImageMagick/ImageMagick/releas…	x_refsource_MISC
https://github.com/dlemstra/Magick.NET/releases/t…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
ImageMagick	ImageMagick	Affected: < 6.9.13-44 Affected: < 7.1.2-19

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-34238",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-14T13:46:28.408742Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-14T13:46:39.542Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ImageMagick",
          "vendor": "ImageMagick",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 6.9.13-44"
            },
            {
              "status": "affected",
              "version": "\u003c 7.1.2-19"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, an integer overflow in the despeckle operation causes a heap buffer overflow on 32-bit builds that will result in an out of bounds write. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T21:14:07.180Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-26qp-ffjh-2x4v",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-26qp-ffjh-2x4v"
        },
        {
          "name": "https://github.com/ImageMagick/ImageMagick/commit/bcd8519c70ecd9ebbc180920f2cf97b267d1f440",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/commit/bcd8519c70ecd9ebbc180920f2cf97b267d1f440"
        },
        {
          "name": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19"
        },
        {
          "name": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0"
        }
      ],
      "source": {
        "advisory": "GHSA-26qp-ffjh-2x4v",
        "discovery": "UNKNOWN"
      },
      "title": "ImageMagick: Integer overflow in despeckle operation causes heap buffer overflow on 32-bit builds"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-34238",
    "datePublished": "2026-04-13T21:14:07.180Z",
    "dateReserved": "2026-03-26T16:22:29.034Z",
    "dateUpdated": "2026-04-14T13:46:39.542Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-40169 (GCVE-0-2026-40169)

Vulnerability from cvelistv5 – Published: 2026-04-13 21:25 – Updated: 2026-04-14 15:52

Title

ImageMagick: Heap buffer overflow (WRITE) in the YAML and JSON encoders

Summary

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out of bounds heap write when writing a yaml or json output, resulting in a crash. This issue has been fixed in version 7.1.2-19.

Severity

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-122 - Heap-based Buffer Overflow
CWE-787 - Out-of-bounds Write

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/ImageMagick/ImageMagick/securi…	x_refsource_CONFIRM
https://github.com/ImageMagick/ImageMagick/commit…	x_refsource_MISC
https://github.com/ImageMagick/ImageMagick/releas…	x_refsource_MISC
https://github.com/dlemstra/Magick.NET/releases/t…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
ImageMagick	ImageMagick	Affected: < 7.1.2-19

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-40169",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-14T15:52:23.762097Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-14T15:52:31.799Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ImageMagick",
          "vendor": "ImageMagick",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.1.2-19"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out of bounds heap write when writing a yaml or json output, resulting in a crash. This issue has been fixed in version 7.1.2-19."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T21:25:56.317Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5592-p365-24xh",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5592-p365-24xh"
        },
        {
          "name": "https://github.com/ImageMagick/ImageMagick/commit/f86452a8aea37bf2b4bd36127f836dcc5f138b38",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/commit/f86452a8aea37bf2b4bd36127f836dcc5f138b38"
        },
        {
          "name": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19"
        },
        {
          "name": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0"
        }
      ],
      "source": {
        "advisory": "GHSA-5592-p365-24xh",
        "discovery": "UNKNOWN"
      },
      "title": "ImageMagick: Heap buffer overflow (WRITE) in the YAML and JSON encoders"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-40169",
    "datePublished": "2026-04-13T21:25:56.317Z",
    "dateReserved": "2026-04-09T19:31:56.015Z",
    "dateUpdated": "2026-04-14T15:52:31.799Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-40183 (GCVE-0-2026-40183)

Vulnerability from cvelistv5 – Published: 2026-04-13 21:28 – Updated: 2026-04-14 19:27

Title

ImageMagick: Heap buffer overflow when encoding JXL image with a 16-bit float

Summary

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, the JXL encoder has an heap write overflow when a user specifies that the image should be encoded as 16 bit floats. This issue has been fixed in version 7.1.2-19.

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/ImageMagick/ImageMagick/securi…	x_refsource_CONFIRM
https://github.com/ImageMagick/ImageMagick/releas…	x_refsource_MISC
https://github.com/dlemstra/Magick.NET/releases/t…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
ImageMagick	ImageMagick	Affected: < 7.1.2-19

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-40183",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-14T19:07:54.582119Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-14T19:27:39.187Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ImageMagick",
          "vendor": "ImageMagick",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.1.2-19"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, the JXL encoder has an heap write overflow when a user specifies that the image should be encoded as 16 bit floats. This issue has been fixed in version 7.1.2-19."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T21:28:20.797Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jvgr-9ph5-m8v4",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jvgr-9ph5-m8v4"
        },
        {
          "name": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19"
        },
        {
          "name": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0"
        }
      ],
      "source": {
        "advisory": "GHSA-jvgr-9ph5-m8v4",
        "discovery": "UNKNOWN"
      },
      "title": "ImageMagick: Heap buffer overflow when encoding JXL image with a 16-bit float"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-40183",
    "datePublished": "2026-04-13T21:28:20.797Z",
    "dateReserved": "2026-04-09T20:59:17.619Z",
    "dateUpdated": "2026-04-14T19:27:39.187Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-40310 (GCVE-0-2026-40310)

Vulnerability from cvelistv5 – Published: 2026-04-13 21:32 – Updated: 2026-04-14 16:28

Title

ImageMagick: Heap out-of-bounds write in JP2 encoder

Summary

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 and 6.9.13-44, contain a heap out-of-bounds write in the JP2 encoder with when a user specifies an invalid sampling index. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-122 - Heap-based Buffer Overflow
CWE-787 - Out-of-bounds Write

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/ImageMagick/ImageMagick/securi…	x_refsource_CONFIRM
https://github.com/ImageMagick/ImageMagick/commit…	x_refsource_MISC
https://github.com/ImageMagick/ImageMagick/releas…	x_refsource_MISC
https://github.com/dlemstra/Magick.NET/releases/t…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
ImageMagick	ImageMagick	Affected: < 7.1.2-19 Affected: < 6.9.13-44

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-40310",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-14T15:33:34.221037Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-14T16:28:25.315Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ImageMagick",
          "vendor": "ImageMagick",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.1.2-19"
            },
            {
              "status": "affected",
              "version": "\u003c 6.9.13-44"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 and 6.9.13-44, contain a heap out-of-bounds write in the JP2 encoder with when a user specifies an invalid sampling index. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T21:32:53.361Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pwg5-6jfc-crvh",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pwg5-6jfc-crvh"
        },
        {
          "name": "https://github.com/ImageMagick/ImageMagick/commit/3d653bea2df085c728a1c8f775808e1e9249dff9",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/commit/3d653bea2df085c728a1c8f775808e1e9249dff9"
        },
        {
          "name": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19"
        },
        {
          "name": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0"
        }
      ],
      "source": {
        "advisory": "GHSA-pwg5-6jfc-crvh",
        "discovery": "UNKNOWN"
      },
      "title": "ImageMagick: Heap out-of-bounds write in JP2 encoder"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-40310",
    "datePublished": "2026-04-13T21:32:53.361Z",
    "dateReserved": "2026-04-10T21:41:54.504Z",
    "dateUpdated": "2026-04-14T16:28:25.315Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-1075

CVE-2026-33899 (GCVE-0-2026-33899)

CVE-2026-33900 (GCVE-0-2026-33900)

CVE-2026-33901 (GCVE-0-2026-33901)

CVE-2026-33902 (GCVE-0-2026-33902)

CVE-2026-33905 (GCVE-0-2026-33905)

CVE-2026-33908 (GCVE-0-2026-33908)

CVE-2026-34238 (GCVE-0-2026-34238)

CVE-2026-40169 (GCVE-0-2026-40169)

CVE-2026-40183 (GCVE-0-2026-40183)

CVE-2026-40310 (GCVE-0-2026-40310)

Tags

Sightings

Nomenclature