Out of Bounds Vulnerability in ImageMagick Affects Multiple Versions
CVE-2026-40169

6.2 MEDIUM

Key Information:

Vendor
CVE Published: 13 April 2026

What is CVE-2026-40169?

ImageMagick, a prominent open-source software suite for image editing, is affected by a severe vulnerability that results in an out-of-bounds heap write when crafted images are processed to produce YAML or JSON output. This flaw can lead to application crashes, impacting service availability and data integrity. The issue is fixed in the 7.1.2-19 release; users should update to safeguard against potential exploits.

Affected Version(s)

ImageMagick < 7.1.2-19

References

CVSS V3.1

Score: 6.2
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
