SB2026051608 - Multiple vulnerabilities in ImageMagick
Published: May 16, 2026
Description
This security bulletin contains information about 9 vulnerabilities.
1) Resource exhaustion (CVE-ID: CVE-2026-45664)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to uncontrolled resource consumption in the MNG decoder when processing a crafted MNG image. The decoder reads more embedded images than the list-length resource limit in the security policy allows, so a remote attacker who can submit an MNG file for processing can exhaust memory and cause a denial of service.
2) Out-of-bounds read (CVE-ID: CVE-2026-45624)
The vulnerability allows a remote attacker to disclose sensitive information and cause a denial of service.
The vulnerability exists due to an out-of-bounds read in the distort operation when a polynomial distortion (-distort Polynomial) is performed with specific arguments. A remote attacker who controls those arguments, for example through a service that passes user input to the distort operation, can make the operation read beyond the intended buffer to disclose memory contents or crash the process.
3) Out-of-bounds read (CVE-ID: CVE-2026-45358)
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to an off-by-one error in the meta encoder when parsing its input, which results in a single-byte heap buffer over-read. A remote attacker can send specially crafted input to disclose one byte of adjacent heap memory per trigger.
4) Out-of-bounds read (CVE-ID: CVE-2026-45359)
The vulnerability allows a remote attacker to disclose sensitive information and cause a denial of service.
The vulnerability exists due to an out-of-bounds read in the connected-components operation when the connected-components:keep-top define holds an invalid value. A remote attacker who can supply that define value can make the operation read outside the intended buffer, disclosing memory contents or crashing the process.
5) Reusing a Nonce, Key Pair in Encryption (CVE-ID: N/A)
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists because PasskeyEncipherImage reuses a nonce with the same key when encrypting image data with AES-CTR. CTR mode turns the block cipher into a stream cipher, and the same key and nonce always produce the same keystream; two ciphertexts produced under a reused nonce can therefore be XORed together to cancel the keystream, and knowledge of either plaintext reveals the other. A remote attacker who obtains ciphertexts encrypted under the same passkey can exploit this to disclose sensitive information.
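The keystream-reuse attack described above, as an added illustration that is not ImageMagick's PasskeyEncipherImage code. The keystream is derived with HMAC-SHA256 over (key, nonce, block counter) as a stand-in for AES-CTR, because the attack depends only on the keystream being identical for the same (key, nonce), which holds for any counter-mode construction; the key, nonce and plaintexts are constructed sample values.

```python
"""Keystream reuse in counter mode, as an added illustration of entry 5.

Not ImageMagick's PasskeyEncipherImage code. HMAC-SHA256 over
(key, nonce, block counter) stands in for AES-CTR; the attack below
depends only on the keystream being identical for the same (key, nonce).
"""
import hashlib
import hmac

# Constructed sample values; a real passkey-derived key would be secret.
KEY = hashlib.sha256(b"example passkey").digest()
REUSED_NONCE = bytes(16)                      # the same nonce used for two messages
P1 = b"known header: image/png; width=640"   # plaintext the attacker knows
P2 = b"SECRET image payload bytes here..."   # plaintext the attacker wants


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Deterministic keystream for (key, nonce): block i = HMAC(key, nonce || i)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Counter-mode encryption: ciphertext = plaintext XOR keystream.
    Decryption is the same operation."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def recover_with_known_plaintext(c1: bytes, p1: bytes, c2: bytes) -> bytes:
    """If c1 and c2 were produced under the same (key, nonce), then
    c1 XOR c2 == p1 XOR p2, so XORing in the known p1 yields p2.
    The key is never needed."""
    n = min(len(c1), len(c2), len(p1))
    return xor_bytes(xor_bytes(c1[:n], c2[:n]), p1[:n])


def recovered_under_reused_nonce() -> bytes:
    """Vulnerable behaviour: both messages encrypted under the same nonce."""
    c1 = ctr_encrypt(KEY, REUSED_NONCE, P1)
    c2 = ctr_encrypt(KEY, REUSED_NONCE, P2)
    return recover_with_known_plaintext(c1, P1, c2)


def recovered_under_distinct_nonces() -> bytes:
    """Fixed behaviour: a distinct nonce per message; the XOR trick yields noise."""
    c1 = ctr_encrypt(KEY, bytes(16), P1)
    c2 = ctr_encrypt(KEY, b"\x01" + bytes(15), P2)
    return recover_with_known_plaintext(c1, P1, c2)


if __name__ == "__main__":
    print("reused nonce   :", recovered_under_reused_nonce())
    print("distinct nonces:", recovered_under_distinct_nonces())
```

The fix is the one the second function shows: never encrypt two messages under the same (key, nonce) pair, either by drawing a fresh random nonce per message or by keeping a counter that is never repeated for a given key.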
6) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2026-45031)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to allocation of resources without limits or throttling in the PSD decoder when decoding a PSD image. A remote attacker can supply a specially crafted PSD image to cause a denial of service. Other resource limits configured in the security policy still apply and bound the impact.
7) Integer overflow (CVE-ID: N/A)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to an integer overflow in the binomial kernel code that leads to a division by zero when a user-supplied kernel is very large. A remote attacker can supply a specially crafted large binomial kernel to cause a denial of service. User interaction is required: the crafted kernel must be passed to ImageMagick as an operation argument (for example a Binomial kernel with a very large size given to -morphology).
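An illustration of the bug class in entry 7, added here and not taken from ImageMagick's kernel code: the weights of a binomial kernel of width w are C(w-1, k) and sum to 2**(w-1), so a normaliser accumulated in a 32-bit unsigned integer wraps to exactly 0 at w == 33 and the normalisation divides by zero. The 32-bit accumulator, the function names and the widths are assumptions for the demonstration; the hardened variant computes the sum exactly and rejects a kernel whose normaliser does not fit.

```python
"""Integer overflow turning a kernel normaliser into zero, as an added
illustration of the bug class in entry 7. Not ImageMagick's kernel code;
the 32-bit accumulator, function names and widths are assumed.
"""
from math import comb

MASK32 = 0xFFFFFFFF  # assumed: an unsigned 32-bit accumulator


def binomial_coefficients(width: int) -> list:
    """Weights of a 1-D binomial kernel: row (width-1) of Pascal's triangle."""
    if width < 1:
        raise ValueError("kernel width must be positive")
    return [comb(width - 1, k) for k in range(width)]


def wrapped_sum(width: int) -> int:
    """Sum of the weights as a wrapping 32-bit unsigned accumulator holds it."""
    total = 0
    for c in binomial_coefficients(width):
        total = (total + c) & MASK32
    return total


def normalize_wrapping(width: int) -> list:
    """Unsafe: divides by the wrapped sum. For width 33 the true sum is 2**32,
    the accumulator holds 0, and the division raises ZeroDivisionError."""
    total = wrapped_sum(width)
    return [c / total for c in binomial_coefficients(width)]


def normalize_checked(width: int, max_total: int = MASK32) -> list:
    """Hardened: compute the sum exactly, reject a normaliser that is zero or
    would not fit the accumulator, and only then divide."""
    coeffs = binomial_coefficients(width)
    total = sum(coeffs)
    if total == 0 or total > max_total:
        raise ValueError(f"kernel normaliser {total} is zero or exceeds {max_total}")
    return [c / total for c in coeffs]


def wrapping_path_divides_by_zero(width: int) -> bool:
    """True when the unsafe normalisation crashes for this width."""
    try:
        normalize_wrapping(width)
    except ZeroDivisionError:
        return True
    return False


def checked_path_rejects(width: int) -> bool:
    """True when the hardened normalisation refuses this width."""
    try:
        normalize_checked(width)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("width 33 wrapped sum  :", wrapped_sum(33))
    print("unsafe path crashes   :", wrapping_path_divides_by_zero(33))
    print("hardened path rejects :", checked_path_rejects(33))
```

The same pattern, a size-derived quantity that wraps and is then used as a divisor or an allocation size, is what a reviewer should look for wherever a kernel or geometry argument is user-controlled.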
8) Out-of-bounds read (CVE-ID: CVE-2026-42326)
The vulnerability allows a remote attacker to disclose sensitive information and cause a denial of service.
The vulnerability exists due to an out-of-bounds read in the IPTC encoder when writing an IPTC output file; the read is limited to a single byte. A remote attacker can supply a malicious input file that is converted to IPTC to disclose one byte of adjacent memory or crash the process.
9) Heap-based buffer overflow (CVE-ID: CVE-2026-40169)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to a heap-based buffer overflow in the YAML and JSON encoders when writing YAML or JSON output. A remote attacker can supply a crafted image that, when written out in either format, overflows a heap buffer and causes a denial of service.
Remediation
Install the update from the vendor's website; the fixes are tracked in the GitHub security advisories listed below. Until the update is deployed, restrict the affected coders (MNG, PSD) and tighten resource limits in the ImageMagick security policy (policy.xml) on any host that processes untrusted images.
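A check a practitioner can run against the deployed ImageMagick security policy, added here as an example for the remediation above and for the decoder-side resource exhaustion in entries 1 and 6. It is not ImageMagick's own code: it parses the policy.xml element format (a policymap of policy elements with domain, name, value, pattern and rights attributes) and reports which of an assumed set of resource limits and coder restrictions are missing. The limit names and values, the coder list and both sample policies are constructed; exact coder names are matched, not glob patterns.

```python
"""Audit of an ImageMagick policy.xml for resource limits and coder
restrictions. Added example, not ImageMagick's code; the required limit
names, the coder list and both sample policies are assumptions.
"""
import xml.etree.ElementTree as ET

# Resource limits a hardened policy is expected to set (assumed set of names).
REQUIRED_RESOURCES = {"memory", "map", "width", "height", "area", "disk",
                      "list-length", "time"}
# Coders named in this bulletin that a service not needing them should disable.
EXPECTED_DISABLED_CODERS = {"MNG", "PSD"}

# Constructed: a policy that only caps memory.
WEAK_POLICY = """<policymap>
  <policy domain="resource" name="memory" value="2GiB"/>
</policymap>"""

# Constructed: a limit on every resource plus the two coders disabled.
HARDENED_POLICY = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="resource" name="map" value="512MiB"/>
  <policy domain="resource" name="width" value="16KP"/>
  <policy domain="resource" name="height" value="16KP"/>
  <policy domain="resource" name="area" value="128MP"/>
  <policy domain="resource" name="disk" value="1GiB"/>
  <policy domain="resource" name="list-length" value="32"/>
  <policy domain="resource" name="time" value="60"/>
  <policy domain="coder" rights="none" pattern="MNG"/>
  <policy domain="coder" rights="none" pattern="PSD"/>
</policymap>"""


def parse_policy(xml_text: str):
    """Return (resource limits by name, set of coders with rights="none").
    Coder patterns are taken as exact names; glob patterns are not expanded."""
    root = ET.fromstring(xml_text)
    resources, disabled = {}, set()
    for policy in root.iter("policy"):
        domain = policy.get("domain")
        if domain == "resource" and policy.get("name"):
            resources[policy.get("name")] = policy.get("value")
        elif domain == "coder" and policy.get("rights") == "none" and policy.get("pattern"):
            disabled.add(policy.get("pattern").upper())
    return resources, disabled


def audit_policy(xml_text: str) -> list:
    """Human-readable findings; an empty list means every check passed."""
    resources, disabled = parse_policy(xml_text)
    findings = []
    for name in sorted(REQUIRED_RESOURCES - set(resources)):
        findings.append(f"resource limit '{name}' not set")
    for coder in sorted(EXPECTED_DISABLED_CODERS - disabled):
        findings.append(f"coder '{coder}' not disabled (rights=\"none\")")
    return findings


if __name__ == "__main__":
    import sys
    # Pass the path of the active policy.xml to audit a real deployment.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else WEAK_POLICY
    for finding in audit_policy(text) or ["no findings"]:
        print(finding)
```

Run it against the policy ImageMagick actually loads (magick -list policy prints the active one on ImageMagick 7). The policy is defence in depth, not a substitute for the update: entry 1 is precisely a case where the MNG decoder exceeded the list-length limit, so only the other limits bound that path until the fix is installed.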
References
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g5mf-wqq5-vwg6
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pfvh-m9xv-8966
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cr6r-hmj8-pr7r
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vhrh-72hq-w8m7
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qv2q-c278-pch5
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cwpj-h54c-xjpx
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vf33-6r7x-66xx
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7wff-wpr6-vmhm
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5592-p365-24xh
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jqq5-8px3-9m6m