Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Stack overflow from crafted MVG input crashes the process (A:H); all other metrics match the unauthenticated, network-accessible, zero-complexity attack surface with no confidentiality or integrity impact.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
2DescriptionCVE.org
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a missing depth check in the MVG decoder will result in a stack overflow when a crafted image is provided. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.
AnalysisAI
Stack overflow in ImageMagick's MVG decoder prior to versions 6.9.13-51 and 7.1.2-26 allows remote unauthenticated attackers to crash image-processing services by submitting a crafted MVG image file. The root cause is a missing depth check in the MVG decoder (CWE-400), enabling unbounded recursion that exhausts stack memory. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the target runs an unpatched version of ImageMagick (prior to 6.9.13-51 on the 6.x branch or 7.1.2-26 on the 7.x branch) and that the attacker can deliver a crafted MVG image file into the ImageMagick processing pipeline - for example, via a file upload endpoint or any interface that invokes ImageMagick on attacker-supplied input. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor and NVD CVSS score of 5.3 (Medium) reflects AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L - a remotely exploitable, unauthenticated denial-of-service with limited availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker uploads a crafted MVG file to a web application that passes user-supplied images through ImageMagick for processing - such as a profile photo upload, document conversion service, or CMS media handler. The MVG decoder processes the file without bounding recursion depth, exhausting the process stack and crashing the ImageMagick worker or the application process itself, rendering the service unavailable. … |
| Remediation | Upgrade to ImageMagick 6.9.13-51 (legacy branch) or 7.1.2-26 (current branch), as documented in the vendor advisory at https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mx48-2qq3-23hf. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Imagemagick
View allReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when proc
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of serv
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files vi
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbit
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact b
The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact b
ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in cer
Heap buffer overflow in ImageMagick's XBM image decoder (ReadXBMImage) lets remote attackers write attacker-controlled d
A vulnerability was found in ImageMagick. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable
In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to R
The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory cor
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41122