Heap Buffer Over-read Vulnerability in ImageMagick Software
CVE-2026-27798
4MEDIUM
What is CVE-2026-27798?
ImageMagick, a widely-used open-source image manipulation tool, has a heap buffer over-read vulnerability that can be exploited when handling images with small dimensions through the '-wavelet-denoise' operator. This flaw may lead to unintended memory access, posing security concerns for applications relying on ImageMagick for image processing. Users are advised to upgrade to patched versions 7.1.2-15 or 6.9.13-40 to mitigate potential risks.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
ImageMagick < 6.9.13-40 < 6.9.13-40
ImageMagick >= 7.0.0, < 7.1.2-15 < 7.0.0, 7.1.2-15
References
CVSS V3.1
Score:
4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved