Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
File-parsing flaw reachable via network-submitted image with no auth or interaction; read-only OOB access yields limited confidentiality and availability impact only.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Lifecycle Timeline
2DescriptionCVE.org
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, an integer overflow in the XCF decoder can result in an out of bounds read when a crafted image is read, potentially resulting in a crash. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.
AnalysisAI
Integer overflow in ImageMagick's XCF (GIMP native format) decoder allows remote unauthenticated attackers to trigger an out-of-bounds read by supplying a crafted XCF image file, resulting in an application crash or limited memory disclosure. All ImageMagick releases prior to 6.9.13-51 (legacy branch) and 7.1.2-26 (current branch) are affected. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The vulnerable code path requires that the target system invoke the ImageMagick XCF image decoder on attacker-controlled input - meaning the application must accept XCF-format files, or lack format validation that would block them before decoding. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The NVD-assigned CVSS 3.1 score of 6.5 (Medium) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L accurately characterizes the attack surface: the flaw is reachable over a network with no authentication, no user interaction, and low attack complexity, making it broadly automatable. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker submits a specially crafted XCF image file to a web application, API endpoint, or image-processing pipeline that passes user-supplied files to ImageMagick. The malformed XCF triggers the integer overflow in the decoder, which causes an out-of-bounds read - either crashing the ImageMagick worker process (denial of service) or, in a more targeted scenario, leaking a small region of heap memory that could contain session tokens or other sensitive data processed nearby. … |
| Remediation | Upgrade ImageMagick to version 6.9.13-51 or later (for 6.x deployments) or to version 7.1.2-26 or later (for 7.x deployments), as confirmed by the vendor security advisory at https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pjxj-pchx-4c3m. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Imagemagick
View allReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when proc
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of serv
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files vi
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbit
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact b
The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact b
ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in cer
Heap buffer overflow in ImageMagick's XBM image decoder (ReadXBMImage) lets remote attackers write attacker-controlled d
A vulnerability was found in ImageMagick. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable
In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to R
The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory cor
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Integer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41113