Heap Buffer Overflow in ImageMagick Affecting Image Manipulation Software
CVE-2026-55577

5.9MEDIUM

Key Information:

Vendor
CVE Published:
1 July 2026

What is CVE-2026-55577?

ImageMagick, a widely used open-source software for image editing and manipulation, is susceptible to a heap buffer overflow vulnerability within its MVG decoder. This vulnerability can lead to out-of-bounds writes when handling specially crafted images. It is crucial for users to upgrade to versions 6.9.13-51 or 7.1.2-26 to mitigate potential security risks associated with this flaw. Maintaining updated software is essential for safeguarding against exploitation.

Affected Version(s)

ImageMagick >= 7.0.1-0, < 7.1.2-26 < 7.0.1-0, 7.1.2-26

ImageMagick < 6.9.13-51 < 6.9.13-51

References

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.