Integer Overflow Vulnerability in ImageMagick Affects Various Digital Image Handling Versions
CVE-2026-34238

5.1MEDIUM

Key Information:

Vendor

Imagemagick
Status
Imagemagick
Vendor
CVE Published:
13 April 2026

What is CVE-2026-34238?

ImageMagick, a widely used free and open-source software for editing and manipulating digital images, has a critical vulnerability linked to an integer overflow during its despeckle operation. This defect causes a heap buffer overflow in 32-bit builds, allowing attackers to execute an out-of-bounds write. This could potentially compromise the integrity of the application and its data. The issue has been addressed in versions 6.9.13-44 and 7.1.2-19, making it essential for users to update their software to mitigate the risk.

Affected Version(s)

ImageMagick < 6.9.13-44 < 6.9.13-44

ImageMagick < 7.1.2-19 < 7.1.2-19

References

https://github.com/ImageMagick/ImageMagick/security/advis...
x_refsource_CONFIRM
https://github.com/ImageMagick/ImageMagick/commit/bcd8519...
x_refsource_MISC
https://github.com/ImageMagick/ImageMagick/releases/tag/7...
x_refsource_MISC

CVSS V3.1

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.