Heap-based Buffer Overflow (CWE-122)
5.9
CVSS 3.1 · Vendor: vendor:alpine
Share
Severity by source
Vendor (vendor:alpine)
PRIMARY
5.9
MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from Vendor (vendor:alpine) · only source for this CVE.
CVSS VectorVendor: vendor:alpine
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Lifecycle Timeline
3
Patch available
Jun 25, 2026 - 23:04 EUVD
CVSS changed
Jun 10, 2026 - 23:22 NVD
5.9 (MEDIUM)
Analysis Generated
Jun 10, 2026 - 09:01 vuln.today
DescriptionCVE.org
Alpine Linux: imagemagick fixed in 7.1.2.24-r0
AnalysisAI
ImageMagick on Alpine Linux received a security fix in package version 7.1.2.24-r0. The specific vulnerability class, impact, and affected versions prior to the fix have not been disclosed in the available intelligence. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Access
Unknown attack vector
Exploit
Trigger uncharacterized vulnerability in ImageMagick
Impact
Unconfirmed impact
Access
Unknown attack vector
Exploit
Trigger uncharacterized vulnerability in ImageMagick
Impact
Unconfirmed impact
Vulnerability AssessmentAI
| Exploitation | Exploitation conditions are entirely unknown - no vulnerability description, CVSS vector, or CWE was provided. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Risk cannot be meaningfully assessed from the available data. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | The specific exploit scenario cannot be constructed from the available data, as the vulnerability type, attack vector, and required conditions are undisclosed. ImageMagick historically has been exploited by supplying crafted image files to trigger memory corruption or code execution in applications that process user-uploaded images. … |
| Remediation | Upgrade the ImageMagick package on Alpine Linux to version 7.1.2.24-r0 or later using the standard Alpine package manager: 'apk upgrade imagemagick'. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Heap Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).
EUVD-2026-36183
GHSA-4v89-6mgq-6rgc