Heap Buffer Over-read Vulnerability in ImageMagick DJVU Image Format Handler
CVE-2026-27799

4MEDIUM

Key Information:

Vendor

Imagemagick
Status
Imagemagick
Vendor
CVE Published:
25 February 2026

What is CVE-2026-27799?

ImageMagick, a widely-used open-source software for digital image manipulation, has a vulnerability affecting its DJVU image format handler. This issue arises from integer truncation during the stride calculation for pixel buffer allocation, leading to potential out-of-bounds memory reads. The vulnerability has been patched in versions 7.1.2-15 and 6.9.13-40, but users of earlier versions are at risk of exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ImageMagick < 6.9.13-40 < 6.9.13-40

ImageMagick >= 7.0.0, < 7.1.2-15 < 7.0.0, 7.1.2-15

References

https://github.com/ImageMagick/ImageMagick/security/advis...
x_refsource_CONFIRM
https://github.com/ImageMagick/ImageMagick/commit/e87695b...
x_refsource_MISC
https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
x_refsource_MISC

CVSS V3.1

Score:
4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.