Integer Overflow Vulnerability in ImageMagick Affects Image Processing
CVE-2026-53466

6.5MEDIUM

Key Information:

Vendor
CVE Published:
1 July 2026

What is CVE-2026-53466?

ImageMagick is a widely-used open-source tool for editing and manipulating images. Prior to the releases 6.9.13-51 and 7.1.2-26, a vulnerability existed in the XCF decoder that allowed for an integer overflow. This flaw could lead to an out-of-bounds read when processing specially crafted image files, potentially causing application crashes and impacting service availability. Users are strongly advised to upgrade to the patched versions to mitigate this risk.

Affected Version(s)

ImageMagick < 6.9.13-51 < 6.9.13-51

ImageMagick >= 7.0.1-0, < 7.1.2-26 < 7.0.1-0, 7.1.2-26

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.