ImageMagick: Policy Bypass in MNG coder could
CVE-2026-45664

5.3MEDIUM

Key Information:

Vendor: Imagemagick
Status: Imagemagick
Vendor: CVE Published:; 10 June 2026

🔔 Create Imagemagick Vulnerability Alert

What is CVE-2026-45664?

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, because of a missing check in the MNG coder it would be possible to read more images than the list limit policy would allow resulting in excessive resource use. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.

Affected Version(s)

ImageMagick < 6.9.13-47 < 6.9.13-47

ImageMagick < 7.1.2-22 < 7.1.2-22

References

https://github.com/ImageMagick/ImageMagick/security/advis...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2026
Vulnerability Reserved
May 12, 2026

CVE-2026-45664 Data

JSON