CVE-2026-28494

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copied into fixed-size stack buffers via memcpy without bounds checking, resulting in stack corruption. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-932h-jw47-73jm	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:imagemagick:imagemagick::::::::
	cpe:2.3:a:imagemagick:imagemagick::::::::

History

17 Jun 2026, 10:28

Type	Values Removed	Values Added
Summary		(es) ImageMagick es un software libre y de código abierto utilizado para editar y manipular imágenes digitales. Antes de las versiones 7.1.2-16 y 6.9.13-41, existe un desbordamiento de búfer de pila en las funciones de análisis del kernel de morfología de ImageMagick. Cadenas de kernel controladas por el usuario que exceden un búfer se copian en búferes de pila de tamaño fijo a través de memcpy sin comprobación de límites, lo que resulta en corrupción de la pila. Esta vulnerabilidad está corregida en las versiones 7.1.2-16 y 6.9.13-41.

12 Mar 2026, 15:18

Type	Values Removed	Values Added
References	~~() https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-932h-jw47-73jm -~~	() https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-932h-jw47-73jm - Vendor Advisory
CPE		cpe:2.3:a:imagemagick:imagemagick::::::::
First Time		Imagemagick Imagemagick imagemagick

10 Mar 2026, 07:43

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-10 07:43

Updated : 2026-06-17 10:28

NVD link : CVE-2026-28494

Mitre link : CVE-2026-28494

CVE.ORG link : CVE-2026-28494

JSON object : View

Products Affected

imagemagick

imagemagick

CWE

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2026-28494", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-28494", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2026-03-10T14:40:59.673356Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "affected": [{"source": "security-advisories@github.com", "affectedData": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"status": "affected", "version": ">= 7.0.0, < 7.1.2-16"}, {"status": "affected", "version": "< 6.9.13-41"}]}]}], "published": "2026-03-10T07:43:40.040", "references": [{"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-932h-jw47-73jm", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copied into fixed-size stack buffers via memcpy without bounds checking, resulting in stack corruption. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41."}, {"lang": "es", "value": "ImageMagick es un software libre y de c\u00f3digo abierto utilizado para editar y manipular im\u00e1genes digitales. Antes de las versiones 7.1.2-16 y 6.9.13-41, existe un desbordamiento de b\u00fafer de pila en las funciones de an\u00e1lisis del kernel de morfolog\u00eda de ImageMagick. Cadenas de kernel controladas por el usuario que exceden un b\u00fafer se copian en b\u00faferes de pila de tama\u00f1o fijo a trav\u00e9s de memcpy sin comprobaci\u00f3n de l\u00edmites, lo que resulta en corrupci\u00f3n de la pila. Esta vulnerabilidad est\u00e1 corregida en las versiones 7.1.2-16 y 6.9.13-41."}], "lastModified": "2026-06-17T10:28:44.597", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFFB7C48-4211-4215-9C0B-D285B8E09CF1", "versionEndExcluding": "6.9.13-41"}, {"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "865783BD-5A33-4D05-AF99-E6EFE76414D1", "versionEndExcluding": "7.1.2-16", "versionStartIncluding": "7.0.0-0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}