Magick.NET CVE-2026-45358
MEDIUMSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Primary rating from Vendor (https://github.com/ImageMagick/ImageMagick).
CVSS VectorVendor: https://github.com/ImageMagick/ImageMagick
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
An of by one in the meta encoder could result in an out of bounds read of a single byte in the meta encoder.
AnalysisAI
Out-of-bounds single-byte read in Magick.NET's meta encoder affects all Q16 and Q16-HDRI NuGet package variants prior to version 14.13.1. An off-by-one indexing error in the meta encoder allows a remote unauthenticated attacker to read one byte beyond the allocated buffer boundary during metadata processing, resulting in limited memory disclosure. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog; however, the CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates the flaw is network-reachable without authentication or user interaction, making any application that processes attacker-supplied images or metadata a viable target.
Technical ContextAI
Magick.NET is the .NET/NuGet binding library for ImageMagick, distributed in multiple architecture and color-depth variants (Q16, Q16-HDRI, x64, ARM64, x86, AnyCPU). The root cause is classified as CWE-125 (Out-of-bounds Read): an off-by-one arithmetic error in the meta encoder causes the read pointer or loop bound to exceed the valid buffer by exactly one index position, exposing a single byte of adjacent heap or stack memory. Such errors typically arise from incorrect use of less-than-or-equal comparisons instead of strict less-than in bounds checks, or from zero-indexed buffers being accessed with a one-based length value. The meta encoder processes image metadata (e.g., EXIF, IPTC, comment fields), meaning the flaw is reachable whenever metadata encoding is triggered. Affected CPEs span all major Magick.NET Q16 variants: pkg:nuget/magick.net-q16-anycpu, pkg:nuget/magick.net-q16-hdri-anycpu, and all architecture-specific permutations (arm64, x64, x86, OpenMP variants).
RemediationAI
Vendor-released patch: 14.13.1. Upgrade all affected Magick.NET NuGet packages (Q16 and Q16-HDRI variants, all architectures) to version 14.13.1 or later via NuGet package manager (dotnet add package Magick.NET-Q16-AnyCPU --version 14.13.1 or the equivalent for the specific variant in use). Full advisory details are available at https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cr6r-hmj8-pr7r. If immediate patching is not possible, applications that accept images or metadata from untrusted sources should apply input validation and size restrictions on metadata fields before passing data to Magick.NET's encoder pipeline; however, this is a mitigating measure only and does not eliminate the underlying flaw. Disabling or sandboxing metadata processing operations (e.g., stripping all metadata before encoding with Magick.NET) would reduce exposure but may break application functionality dependent on EXIF or IPTC data handling.
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allVendor StatusVendor
SUSE
Severity: Moderate| Product | Status |
|---|---|
| SUSE Linux Enterprise Desktop 15 SP7 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Affected |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP7 | Affected |
| SUSE Linux Enterprise Module for Development Tools 15 SP7 | Affected |
| SUSE Linux Enterprise Module for Package Hub 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP7 | Affected |
| SUSE Linux Enterprise Server 16.0 | Affected |
| SUSE Linux Enterprise Server 16.1 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Affected |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Affected |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Not-Affected |
| openSUSE Leap 16.0 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS | Affected |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP4 | Affected |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP5 | Affected |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP6 | Affected |
| SUSE Linux Enterprise Module for Development Tools 15 SP4 | Affected |
| SUSE Linux Enterprise Module for Development Tools 15 SP5 | Affected |
| SUSE Linux Enterprise Server 12 SP5 | Affected |
| SUSE Linux Enterprise Server 12 SP5-LTSS | Affected |
| SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security | Affected |
| SUSE Linux Enterprise Server 15 SP4 | Affected |
| SUSE Linux Enterprise Server 15 SP4-LTSS | Affected |
| SUSE Linux Enterprise Server 15 SP5 | Affected |
| SUSE Linux Enterprise Server 15 SP5-LTSS | Affected |
| SUSE Linux Enterprise Server 15 SP6 | Affected |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Affected |
| SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP5 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Affected |
| SUSE Manager Proxy 4.3 | Affected |
| SUSE Manager Retail Branch Server 4.3 | Affected |
| SUSE Manager Server 4.3 | Affected |
| SUSE CaaS Platform 4.0 | Affected |
| SUSE Enterprise Storage 6 | Affected |
| SUSE Enterprise Storage 7 | Affected |
| SUSE Enterprise Storage 7.1 | Affected |
| SUSE Linux Enterprise Desktop 12 | Affected |
| SUSE Linux Enterprise Desktop 12 SP1 | Affected |
| SUSE Linux Enterprise Desktop 12 SP2 | Affected |
| SUSE Linux Enterprise Desktop 12 SP3 | Affected |
| SUSE Linux Enterprise Desktop 12 SP4 | Affected |
| SUSE Linux Enterprise Desktop 15 | Affected |
| SUSE Linux Enterprise Desktop 15 SP1 | Affected |
| SUSE Linux Enterprise Desktop 15 SP2 | Affected |
| SUSE Linux Enterprise Desktop 15 SP3 | Affected |
| SUSE Linux Enterprise Desktop 15 SP4 | Affected |
| SUSE Linux Enterprise Desktop 15 SP5 | Affected |
| SUSE Linux Enterprise Desktop 15 SP6 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP6 | Affected |
| SUSE Linux Enterprise High Performance Computing 15-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15-LTSS | Affected |
| SUSE Linux Enterprise Module for Desktop Applications 15 | Affected |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP1 | Affected |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP2 | Affected |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP3 | Affected |
| SUSE Linux Enterprise Module for Development Tools 15 | Affected |
| SUSE Linux Enterprise Module for Development Tools 15 SP1 | Affected |
| SUSE Linux Enterprise Module for Development Tools 15 SP2 | Affected |
| SUSE Linux Enterprise Module for Development Tools 15 SP3 | Affected |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Not-Affected |
| SUSE Linux Enterprise Point of Sale 12 SP2-CLIENT | Affected |
| SUSE Linux Enterprise Real Time 15 SP2 | Affected |
| SUSE Linux Enterprise Real Time 15 SP3 | Affected |
| SUSE Linux Enterprise Real Time 15 SP4 | Affected |
| SUSE Linux Enterprise Server 12 | Affected |
| SUSE Linux Enterprise Server 12 SP1 | Affected |
| SUSE Linux Enterprise Server 12 SP1-LTSS | Affected |
| SUSE Linux Enterprise Server 12 SP2 | Affected |
| SUSE Linux Enterprise Server 12 SP2-BCL | Affected |
| SUSE Linux Enterprise Server 12 SP2-ESPOS | Affected |
| SUSE Linux Enterprise Server 12 SP2-LTSS | Affected |
| SUSE Linux Enterprise Server 12 SP3 | Affected |
| SUSE Linux Enterprise Server 12 SP3-BCL | Affected |
| SUSE Linux Enterprise Server 12 SP3-ESPOS | Affected |
| SUSE Linux Enterprise Server 12 SP3-LTSS | Affected |
| SUSE Linux Enterprise Server 12 SP4 | Affected |
| SUSE Linux Enterprise Server 12 SP4-ESPOS | Affected |
| SUSE Linux Enterprise Server 12 SP4-LTSS | Affected |
| SUSE Linux Enterprise Server 12-LTSS | Affected |
| SUSE Linux Enterprise Server 15 | Affected |
| SUSE Linux Enterprise Server 15 SP1 | Affected |
| SUSE Linux Enterprise Server 15 SP1-BCL | Affected |
| SUSE Linux Enterprise Server 15 SP1-LTSS | Affected |
| SUSE Linux Enterprise Server 15 SP2 | Affected |
| SUSE Linux Enterprise Server 15 SP2-BCL | Affected |
| SUSE Linux Enterprise Server 15 SP2-LTSS | Affected |
| SUSE Linux Enterprise Server 15 SP3 | Affected |
| SUSE Linux Enterprise Server 15 SP3-BCL | Affected |
| SUSE Linux Enterprise Server 15 SP3-LTSS | Affected |
| SUSE Linux Enterprise Server 15-LTSS | Affected |
| SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP1 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP2 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP3 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP4 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP1 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP2 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP3 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Affected |
| SUSE Linux Enterprise Software Development Kit 12 | Affected |
| SUSE Linux Enterprise Software Development Kit 12 SP1 | Affected |
| SUSE Linux Enterprise Software Development Kit 12 SP2 | Affected |
| SUSE Linux Enterprise Software Development Kit 12 SP3 | Affected |
| SUSE Linux Enterprise Software Development Kit 12 SP4 | Affected |
| SUSE Linux Enterprise Software Development Kit 12 SP5 | Affected |
| SUSE Linux Enterprise Workstation Extension 12 | Affected |
| SUSE Linux Enterprise Workstation Extension 12 SP1 | Affected |
| SUSE Linux Enterprise Workstation Extension 12 SP2 | Affected |
| SUSE Linux Enterprise Workstation Extension 12 SP3 | Affected |
| SUSE Linux Enterprise Workstation Extension 12 SP4 | Affected |
| SUSE Linux Enterprise Workstation Extension 12 SP5 | Affected |
| SUSE Manager Proxy 4.0 | Affected |
| SUSE Manager Proxy 4.1 | Affected |
| SUSE Manager Proxy 4.2 | Affected |
| SUSE Manager Retail Branch Server 4.0 | Affected |
| SUSE Manager Retail Branch Server 4.1 | Affected |
| SUSE Manager Retail Branch Server 4.2 | Affected |
| SUSE Manager Server 4.0 | Affected |
| SUSE Manager Server 4.1 | Affected |
| SUSE Manager Server 4.2 | Affected |
| SUSE OpenStack Cloud 7 | Affected |
| SUSE OpenStack Cloud 8 | Affected |
| SUSE OpenStack Cloud 9 | Affected |
| SUSE OpenStack Cloud Crowbar 8 | Affected |
| SUSE OpenStack Cloud Crowbar 9 | Affected |
| openSUSE Leap 15.3 | Affected |
| openSUSE Leap 15.4 | Affected |
| openSUSE Leap 15.5 | Affected |
| openSUSE Leap 15.6 | Not-Affected |
Share
External POC / Exploit Code
Leaving vuln.today
GHSA-cr6r-hmj8-pr7r