Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-28690

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-09 Mar, 2026 | 21:39
Updated At-10 Mar, 2026 | 15:58
Rejected At-
Credits

ImageMagick has a stack write buffer overflow in MNG encoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow vulnerability exists in the MNG encoder. There is a bounds checks missing that could corrupting the stack with attacker-controlled data. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:09 Mar, 2026 | 21:39
Updated At:10 Mar, 2026 | 15:58
Rejected At:
â–¼CVE Numbering Authority (CNA)
ImageMagick has a stack write buffer overflow in MNG encoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow vulnerability exists in the MNG encoder. There is a bounds checks missing that could corrupting the stack with attacker-controlled data. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Affected Products
Vendor
ImageMagick Studio LLCImageMagick
Product
ImageMagick
Versions
Affected
  • >= 7.0.0, < 7.1.2-16
  • < 6.9.13-41
Problem Types
TypeCWE IDDescription
CWECWE-121CWE-121: Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-121
Description: CWE-121: Stack-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.16.9MEDIUM
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
Version: 3.1
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7h7q-j33q-hvpf
x_refsource_CONFIRM
Hyperlink: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7h7q-j33q-hvpf
Resource:
x_refsource_CONFIRM
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:10 Mar, 2026 | 07:43
Updated At:11 Mar, 2026 | 17:32

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow vulnerability exists in the MNG encoder. There is a bounds checks missing that could corrupting the stack with attacker-controlled data. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.9MEDIUM
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
Primary3.16.5MEDIUM
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H
CPE Matches
ImageMagick Studio LLC
imagemagick
>>imagemagick>>Versions before 6.9.13-41(exclusive)
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
ImageMagick Studio LLC
imagemagick
>>imagemagick>>Versions from 7.0.0-0(inclusive) to 7.1.2-16(exclusive)
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-121Primarysecurity-advisories@github.com
CWE ID: CWE-121
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7h7q-j33q-hvpfsecurity-advisories@github.com
Vendor Advisory
Hyperlink: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7h7q-j33q-hvpf
Source: security-advisories@github.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

7Records found
CVE-2026-33536
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.02% / 4.55%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 19:57
Updated-02 Apr, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick has an Out-of-bounds Write via InterpretImageFilename

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, due to an incorrect return value on certain platforms a pointer is incremented past the end of a buffer that is on the stack and that could result in an out of bounds write. Versions 7.1.2-18 and 6.9.13-43 patch the issue.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-30929
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.02% / 4.03%
||
7 Day CHG~0.00%
Published-09 Mar, 2026 | 21:46
Updated-13 Mar, 2026 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick has a stack buffer overflow in MagnifyImage

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-32259
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 5.02%
||
7 Day CHG~0.00%
Published-12 Mar, 2026 | 19:38
Updated-13 Mar, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick has a possible stack buffer overflow in sixel encoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, when a memory allocation fails in the sixel encoder it would be possible to write past the end of a buffer on the stack. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-ImageMagick
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-28494
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.01% / 3.33%
||
7 Day CHG~0.00%
Published-09 Mar, 2026 | 21:31
Updated-12 Mar, 2026 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick affected by stack corruption through long morphology kernel names or arrays

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copied into fixed-size stack buffers via memcpy without bounds checking, resulting in stack corruption. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-25968
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.4||HIGH
EPSS-0.06% / 18.95%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 01:30
Updated-26 Feb, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick has MSL attribute stack buffer overflow that leads to out of bounds write.

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a stack buffer overflow occurs when processing the an attribute in msl.c. A long value overflows a fixed-size stack buffer, leading to memory corruption. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-25967
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.4||HIGH
EPSS-0.02% / 4.96%
||
7 Day CHG-0.04%
Published-24 Feb, 2026 | 01:29
Updated-26 Feb, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick has stack buffer overflow in FTXT reader via oversized integer field

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to a crash. Version 7.1.2-15 contains a patch.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-3195
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 9.04%
||
7 Day CHG~0.00%
Published-16 Jun, 2023 | 00:00
Updated-03 Dec, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service.

Action-Not Available
Vendor-n/aFedora ProjectImageMagick Studio LLC
Product-extra_packages_for_enterprise_linuxfedoraimagemagickImageMagick
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
Details not found