DCM Decoder Vulnerability in ImageMagick Software by ImageMagick
CVE-2026-49218

7.5HIGH

Key Information:

Vendor
CVE Published:
10 June 2026

What is CVE-2026-49218?

ImageMagick, an open-source tool for editing and manipulating digital images, contains a vulnerability in its DCM decoder. This issue arises from a missing validation check, potentially allowing an image with invalid dimensions to be processed. The consequence could lead to unexpected crashes during subsequent operations. Users are urged to upgrade to versions 6.9.13-48 or 7.1.2-24 or later, where this vulnerability has been addressed to ensure smoother and safer image processing.

Affected Version(s)

ImageMagick < 6.9.13-48 < 6.9.13-48

ImageMagick < 7.1.2-24 < 7.1.2-24

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.