What is the CVSS score of CVE-2026-46521?

CVE-2026-46521 has a CVSS 3.1 base score of 5.5 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2026-46521?

Yes, a patch is available for CVE-2026-46521. Update the affected software to the latest version immediately.

Magick.NET CVE-2026-46521

MEDIUM

Incorrect Calculation of Buffer Size (CWE-131)

2026-05-18 https://github.com/ImageMagick/ImageMagick

GHSA-jcqp-6r6f-3mfx

Buffer Overflow

5.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Source Code Evidence Fetched

May 18, 2026 - 21:33 vuln.today

Analysis Generated

May 18, 2026 - 21:33 vuln.today

DescriptionNVD

When using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check.

AnalysisAI

Heap buffer over-write in Magick.NET's MIFF encoder triggers an out-of-bounds write when LZMA compression is active, due to a missing buffer size check (CWE-131). All Magick.NET NuGet package variants prior to version 14.13.1 are affected across multiple architectures (AnyCPU, x64, x86, arm64) and depth configurations (Q16, Q16-HDRI, OpenMP). …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-46521 vulnerability details – vuln.today

Back

Magick.NET CVE-2026-46521

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code