Heap Buffer Overflow in ImageMagick Affects Digital Image Editing Software
CVE-2026-33901
7.5 HIGH
What is CVE-2026-33901?
ImageMagick, a popular open-source tool for editing and manipulating digital images, contains a heap buffer overflow in its MVG decoder. Processing a specially crafted image file can result in out-of-bounds writes. Versions prior to 7.1.2-19 and 6.9.13-44 are affected, so users should upgrade to these fixed versions to mitigate the risk.
Affected Version(s)
ImageMagick < 7.1.2-19
ImageMagick < 6.9.13-44
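To check an inventory against the two fixed releases listed above, the following added example (not part of the advisory or of ImageMagick) classifies version banners by branch. It assumes the usual first line printed by `magick -version` or `convert -version`, of the form `Version: ImageMagick X.Y.Z-N ...`; the sample banners are constructed.

```python
import re

# Fixed releases named in the advisory, keyed by major branch.
FIXED = {7: (7, 1, 2, 19), 6: (6, 9, 13, 44)}

# Assumed banner shape: "Version: ImageMagick 7.1.2-18 Q16-HDRI ..."
_VERSION_RE = re.compile(r"ImageMagick (\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(banner):
    """Extract (major, minor, patch, release) as integers from a version banner."""
    m = _VERSION_RE.search(banner)
    if m is None:
        raise ValueError("no ImageMagick version found in banner")
    return tuple(int(part) for part in m.groups())


def is_affected(banner):
    """True if the reported version predates the fixed release for its branch."""
    version = parse_version(banner)
    fixed = FIXED.get(version[0])
    if fixed is None:
        # The advisory only lists the 6.x and 7.x branches; do not guess for others.
        raise ValueError(f"branch {version[0]}.x is not covered by the advisory")
    # Tuple comparison is numeric, so 7.1.10-1 sorts after 7.1.2-19,
    # which a plain string comparison would get wrong.
    return version < fixed


# Constructed sample banners (not captured from real hosts).
SAMPLES = [
    "Version: ImageMagick 7.1.2-18 Q16-HDRI x86_64 https://imagemagick.org",
    "Version: ImageMagick 7.1.2-19 Q16-HDRI x86_64 https://imagemagick.org",
    "Version: ImageMagick 6.9.13-43 Q16 x86_64 https://legacy.imagemagick.org",
    "Version: ImageMagick 6.9.13-44 Q16 x86_64 https://legacy.imagemagick.org",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(("AFFECTED " if is_affected(banner) else "fixed    ") + banner)
```

Distribution packages may backport fixes without changing the upstream version string, so treat a match as a prompt to check the vendor's own advisory.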