Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Local file-based trigger (AV:L), no privileges needed to run identify (PR:N), user must open crafted file (UI:R), only crash observed so A:H with C:N/I:N.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when identifying an image with a crafted 8BIM profile with a specific format string a use-after-free will occur. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.
AnalysisAI
Use-after-free in ImageMagick's 8BIM profile parser crashes the process when a specially crafted image is identified, affecting all releases prior to 6.9.13-51 (legacy branch) and 7.1.2-26 (current branch). The vulnerability is triggered by a specific format string embedded in the 8BIM metadata profile, causing memory corruption that results in a denial-of-service condition. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The vulnerability is triggered when ImageMagick processes an image file containing a crafted 8BIM profile block with a specific format string - the file must be actively opened or identified by an ImageMagick command or library call. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score of 5.5 (Medium) reflects a local attack vector (AV:L), low complexity (AC:L), no required privileges (PR:N), mandatory user interaction (UI:R), unchanged scope (S:U), and high availability impact with no confidentiality or integrity impact (C:N/I:N/A:H). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a malicious PSD or TIFF image embedding a 8BIM profile block containing a format string payload, then delivers this file to a target - for example, via a web upload form, email attachment, or shared storage. When a user or automated pipeline runs 'identify' or any ImageMagick read operation against the file, the format string triggers a use-after-free in the profile parsing code, crashing the process and causing a denial-of-service. … |
| Remediation | Upgrade ImageMagick to version 6.9.13-51 or later on the legacy branch, or to 7.1.2-26 or later on the current branch, as confirmed by the vendor in GHSA-ff5c-8x9r-8qcw (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-ff5c-8x9r-8qcw). … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Imagemagick
View allReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when proc
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of serv
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files vi
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbit
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact b
The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact b
ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in cer
Heap buffer overflow in ImageMagick's XBM image decoder (ReadXBMImage) lets remote attackers write attacker-controlled d
A vulnerability was found in ImageMagick. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable
In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to R
The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory cor
Same weakness CWE-416 – Use After Free
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41120