CVE-2026-27799

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-27799
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride (row size) for pixel buffer allocation. The stride calculation overflows a 32-bit signed integer, resulting in an out-of-bounds memory reads. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

4.0 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.4 / Impact : 2.5

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://github.com/ImageMagick/ImageMagick/commit/e87695b3227978ad70b967b8d054baaf8ac2cced Patch
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r99p-5442-q2x2 Vendor Advisory
https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3 Product Release Notes
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:dlemstra:magick.net:*:*:*:*:*:*:*:*
History

27 Feb 2026, 16:01

Type Values Removed Values Added
References () https://github.com/ImageMagick/ImageMagick/commit/e87695b3227978ad70b967b8d054baaf8ac2cced - () https://github.com/ImageMagick/ImageMagick/commit/e87695b3227978ad70b967b8d054baaf8ac2cced - Patch
References () https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r99p-5442-q2x2 - () https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r99p-5442-q2x2 - Vendor Advisory
References () https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3 - () https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3 - Product, Release Notes
CPE cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
cpe:2.3:a:dlemstra:magick.net:*:*:*:*:*:*:*:*
First Time Dlemstra
Imagemagick imagemagick
Dlemstra magick.net
Imagemagick

27 Feb 2026, 14:06

Type Values Removed Values Added
Summary
  • (es) ImageMagick es un software libre y de código abierto utilizado para editar y manipular imágenes digitales. Antes de las versiones 7.1.2-15 y 6.9.13-40, existe una vulnerabilidad de lectura excesiva de búfer de pila en el gestor del formato de imagen DJVU. La vulnerabilidad ocurre debido a un truncamiento de enteros al calcular el 'stride' (tamaño de fila) para la asignación del búfer de píxeles. El cálculo del 'stride' desborda un entero con signo de 32 bits, lo que resulta en lecturas de memoria fuera de límites. Las versiones 7.1.2-15 y 6.9.13-40 contienen un parche.

26 Feb 2026, 00:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-02-26 00:16

Updated : 2026-02-27 16:01

NVD link : CVE-2026-27799

Mitre link : CVE-2026-27799

CVE.ORG link : CVE-2026-27799

JSON object : View

Products Affected

imagemagick

  • imagemagick

dlemstra

  • magick.net
CWE
CWE-122

Heap-based Buffer Overflow

CWE-126

Buffer Over-read