Out of Bounds Heap Write in ImageMagick
CVE-2026-53461

7.5HIGH

Key Information:

Vendor
CVE Published:
10 June 2026

What is CVE-2026-53461?

ImageMagick is a widely-used open-source software suite for editing and manipulating digital images. Prior to the release of versions 6.9.13-50 and 7.1.2-25, a vulnerability existed in the ICON decoder that could lead to an out-of-bounds write to the heap. This flaw could potentially cause the application to crash, impacting users reliant on ImageMagick for image processing. Users are encouraged to update to the fixed versions to mitigate any risks associated with this vulnerability.

Affected Version(s)

ImageMagick < 6.9.13-50 < 6.9.13-50

ImageMagick < 7.1.2-25 < 7.1.2-25

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.