CVE-2026-33901

| EUVD-2026-22104 HIGH
2026-04-13 GitHub_M GHSA-x9h5-r9v2-vcww
Heap Overflow Buffer Overflow Imagemagick
7.5
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
Analysis Generated
Apr 15, 2026 - 12:35 vuln.today

DescriptionNVD

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.

AnalysisAI

Heap buffer overflow in ImageMagick's MVG decoder enables network-based denial of service through crafted image files. Affects all ImageMagick versions prior to 6.9.13-44 and 7.1.2-19. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Identify all systems running ImageMagick versions 6.9.x prior to 6.9.13-44 and 7.1.x prior to 7.1.2-19 using asset inventory or vulnerability scanning. Within 7 days: Apply vendor-released patch-upgrade to ImageMagick 6.9.13-44 (legacy branch) or 7.1.2-19 (current branch), or disable MVG image format processing if patching cannot be completed immediately. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-33901 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy