Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
File-based local trigger (AV:L), no privileges needed (PR:N), user must process the file (UI:R), impact confined to availability via process crash (A:H, C:N, I:N).
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-26, an incorrect handling of arguments can cause a heap buffer over-write in the JP2 encoder. This issue has been fixed in version7.1.2-26.
AnalysisAI
Heap buffer over-write in ImageMagick's JP2 (JPEG 2000) encoder - present in all versions prior to 7.1.2-26 - allows an attacker to crash the process by supplying a maliciously crafted JP2 image file, resulting in a denial-of-service condition. The root cause is CWE-682 (Incorrect Calculation): argument handling logic in the JP2 encoder computes incorrect bounds, leading to an out-of-bounds heap write. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that a user or automated process invoke ImageMagick (prior to 7.1.2-26) to process a specially crafted JP2 (JPEG 2000) image file - specifically through the JP2 encoder code path. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The NVD CVSS 3.1 score of 5.5 (Medium) with vector AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H accurately characterizes this as a local, user-triggered denial-of-service. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a malformed JP2 image file that triggers the incorrect argument calculation in ImageMagick's JP2 encoder and delivers it to a target - for example, by uploading it to a web application that uses ImageMagick for server-side image conversion or thumbnail generation. When the application's ImageMagick process attempts to encode or transcode the file, the heap buffer over-write corrupts heap metadata, causing the process to crash and resulting in a denial-of-service for that image-processing function. … |
| Remediation | Upgrade to ImageMagick version 7.1.2-26 or later, which contains the vendor-confirmed fix for this issue. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Imagemagick
View allReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when proc
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of serv
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files vi
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbit
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact b
The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact b
ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in cer
Heap buffer overflow in ImageMagick's XBM image decoder (ReadXBMImage) lets remote attackers write attacker-controlled d
A vulnerability was found in ImageMagick. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable
In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to R
The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory cor
Same weakness CWE-682 – Incorrect Calculation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41124