ImageMagick
CVE-2026-53465
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Local vector per vendor; heap over-write write primitive justifies I:L addition over official I:N; PR:N as no OS privileges needed to supply a crafted file.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, a crafted multi-frame can result in a heap buffer over-write when encoding it with the SF3 encoder. This issue has been patched in version 7.1.2-25.
AnalysisAI
Heap-based buffer over-write in ImageMagick's SF3 encoder prior to version 7.1.2-25 allows an attacker who can supply a crafted multi-frame image to corrupt heap memory, yielding high availability impact and potential integrity exposure. All ImageMagick installations before 7.1.2-25 are affected regardless of platform. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The vulnerability is triggered only when ImageMagick encodes a crafted multi-frame image through the SF3 encoder code path - single-frame images and other encoder paths are not affected. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The official CVSS 3.1 score of 6.2 (AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) reflects a local attack vector with high availability impact but no confidentiality or integrity impact scored. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker targeting an application that accepts user-supplied images - such as a web upload endpoint or email attachment processor backed by ImageMagick - crafts a malformed multi-frame image specifically designed to trigger an out-of-bounds write in the SF3 encoder during encoding. When the application passes this file through ImageMagick's encoding pipeline, the heap buffer is overrun, crashing the ImageMagick process and causing a denial of service; under favorable heap layout conditions, the write primitive may be developed into controlled memory corruption enabling code execution. … |
| Remediation | Vendor-released patch: 7.1.2-25. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More from same product – last 7 days
Denial of service in ImageMagick prior to 6.9.13-50 and 7.1.2-25 allows remote attackers to trigger an out-of-memory con
Out-of-bounds heap write in ImageMagick's ICON decoder allows remote attackers to crash the application by supplying a m
Heap-use-after-free in ImageMagick's CheckPrimitiveExtent function allows remote attackers to crash the image processing
Null pointer dereference in ImageMagick's distort operation crashes the processing process when an attacker supplies mal
Memory leak in ImageMagick's wand option parser degrades availability when invalid options are supplied, affecting all v
Share
External POC / Exploit Code
Leaving vuln.today