Skip to main content

ImageMagick CVE-2026-56367

| EUVDEUVD-2026-38173 MEDIUM
Out-of-bounds Read (CWE-125)
2026-06-21 VulnCheck GHSA-rg39-4fm5-hrp2
6.3
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
6.3 MEDIUM
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
4.8 MEDIUM

Network reachable but high complexity from 32-bit precondition; no auth; low confidentiality from heap leak; low availability added for confirmed crash outcome.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
4.0 AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
SUSE
4.8 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Red Hat
4.2 MEDIUM
qualitative

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Source Code Evidence Fetched
Jun 22, 2026 - 06:36 vuln.today
Analysis Generated
Jun 22, 2026 - 06:36 vuln.today
Patch available
Jun 21, 2026 - 15:31 EUVD

DescriptionCVE.org

ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB (PSD v2) RLE decoding path (ReadPSDChannelRLE in coders/psd.c) that causes a heap out-of-bounds read on 32-bit builds. Processing a crafted PSB file can lead to information disclosure or a crash.

AnalysisAI

Integer overflow in ImageMagick's PSB/PSD v2 RLE decoder (ReadPSDChannelRLE in coders/psd.c) causes a heap out-of-bounds read exclusively on 32-bit builds, enabling information disclosure or process crash when processing attacker-controlled PSB files. Affected versions span ImageMagick below 7.1.2-15 and 6.9.x below 6.9.13-40, with corresponding Magick.NET NuGet packages below 14.10.3 also confirmed vulnerable. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Submit crafted PSB file to network-accessible image processor
Exploit
Integer overflow in ReadPSDChannelRLE on 32-bit build
Execution
Heap out-of-bounds read past allocated channel buffer
Impact
Leak adjacent heap memory contents or crash process

Vulnerability AssessmentAI

Exploitation Two specific and concurrent conditions are required for exploitation: (1) the ImageMagick installation must be a 32-bit build - 64-bit builds are explicitly NOT affected because wider integer types prevent the overflow; this is confirmed by the GHSA advisory and ASAN trace, and is encoded in the CVSS 4.0 AT:P metric. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 6.3 (AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N) correctly reflects a moderate-severity, exploitation-constrained vulnerability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker submits a crafted PSB (PSD v2) file to a web service or API backed by a 32-bit ImageMagick build - such as a profile picture upload endpoint or document conversion service. The malformed RLE channel data triggers the integer overflow in ReadPSDChannelRLE at coders/psd.c:1141, causing the process to read 8 bytes beyond the heap-allocated buffer. …
Remediation The primary fix is to upgrade ImageMagick to version 7.1.2-15 or later on the 7.x branch, or to 6.9.13-40 or later on the 6.9.x legacy branch; the upstream patch commit is 5b91ab69af614024255fd93dcc9a62b41fbc435c. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2017-15277 MEDIUM POC
6.5 Oct 12

ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when proc

CVE-2016-5841 CRITICAL POC
9.8 Dec 13

Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of serv

CVE-2016-3717 MEDIUM POC
5.5 May 05

The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files vi

CVE-2016-5118 CRITICAL
9.8 Jun 10

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbit

CVE-2016-5689 CRITICAL POC
9.8 Dec 13

The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact b

CVE-2016-5690 CRITICAL POC
9.8 Dec 13

The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to

CVE-2016-5691 CRITICAL POC
9.8 Dec 13

The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact b

CVE-2017-14138 CRITICAL POC
9.8 Sep 04

ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in cer

CVE-2026-23876 CRITICAL POC
9.8 Jan 20

Heap buffer overflow in ImageMagick's XBM image decoder (ReadXBMImage) lets remote attackers write attacker-controlled d

CVE-2023-34152 CRITICAL POC
9.8 May 30

A vulnerability was found in ImageMagick. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable

CVE-2019-19952 CRITICAL POC
9.8 Dec 24

In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to R

CVE-2018-14551 CRITICAL POC
9.8 Jul 23

The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory cor

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS Affected
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS Affected
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS Affected
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS Affected

Share

CVE-2026-56367 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy