Integer Truncation Vulnerability in ImageMagick Software
CVE-2026-33900

5.9 MEDIUM

Key Information:

Vendor
CVE Published:
13 April 2026

What is CVE-2026-33900?

An integer truncation issue in the VIFF encoder of ImageMagick can cause an out-of-bounds heap write on 32-bit builds. The vulnerability can lead to application crashes, compromising the stability and security of software that uses ImageMagick. The problem is fixed in versions 6.9.13-44 and 7.1.2-19, and users are advised to upgrade to one of these versions.

Affected Version(s)

ImageMagick < 6.9.13-44

ImageMagick < 7.1.2-19
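
To triage an inventory against the fixed versions listed above, the following added example (not code from ImageMagick or from this advisory) parses the `Version: ImageMagick X.Y.Z-P ...` banner printed by `magick -version` or `convert -version` and classifies each installation. The host names, the sample banners and the `is_32bit` flag supplied by the caller are constructed assumptions.

```python
import re

# Fixed releases stated in this advisory, keyed by major version.
FIXED = {6: (6, 9, 13, 44), 7: (7, 1, 2, 19)}

_VERSION_RE = re.compile(r"ImageMagick (\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(banner):
    """Return (major, minor, micro, patch) from a version banner, or None."""
    m = _VERSION_RE.search(banner)
    return tuple(int(g) for g in m.groups()) if m else None


def assess(banner, is_32bit):
    """Classify one installation.

    'fixed'            - at or above the fixed release for its major line
    'vulnerable'       - below the fixed release on a 32-bit build, the
                         configuration the advisory ties to the heap write
    'affected-version' - below the fixed release on a non-32-bit build;
                         still inside the affected range, so upgrade
    'unknown'          - banner unparseable or major line not listed here
    """
    version = parse_version(banner)
    if version is None or version[0] not in FIXED:
        return "unknown"
    if version >= FIXED[version[0]]:
        return "fixed"
    return "vulnerable" if is_32bit else "affected-version"


def triage(inventory):
    """Return hosts that are not confirmed fixed, 32-bit exposures first."""
    order = {"vulnerable": 0, "affected-version": 1, "unknown": 2}
    rows = [(host, assess(banner, is_32bit)) for host, banner, is_32bit in inventory]
    return sorted((r for r in rows if r[1] != "fixed"), key=lambda r: (order[r[1]], r[0]))


# Constructed sample inventory: (host, version banner, built as 32-bit?)
SAMPLE = [
    ("build-01", "Version: ImageMagick 7.1.2-19 Q16-HDRI x86_64", False),
    ("kiosk-07", "Version: ImageMagick 6.9.12-98 Q16 i686", True),
    ("web-03", "Version: ImageMagick 7.1.1-43 Q16-HDRI x86_64", False),
    ("legacy-02", "convert: command not found", True),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE):
        print(f"{host}: {status}")
```
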

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
