ImageMagick: Heap Buffer Over-Read in distributed pixel cache server
CVE-2026-47166

5.7MEDIUM

Key Information:

Vendor

Imagemagick
Status
Imagemagick
Vendor
CVE Published:
10 June 2026

What is CVE-2026-47166?

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the server process. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.

Affected Version(s)

ImageMagick < 6.9.13-48 < 6.9.13-48

ImageMagick < 7.1.2-23 < 7.1.2-23

References

https://github.com/ImageMagick/ImageMagick/security/advis...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.