Description
A flaw was found in GraphicsMagick's Photo CD (PCD) decoder. A remote attacker could exploit this vulnerability by providing a specially crafted PCD file. This could lead to an out-of-bounds write, corrupting memory and potentially causing a denial of service or other unpredictable system behavior.
Published: n/a
Score: 8.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw exists in GraphicsMagick’s Photo CD (PCD) decoder that permits a specially crafted PCD file to trigger an out‑of‑bounds write. This memory corruption can overwrite adjacent data structures, causing the application to crash, become unresponsive, or experience unpredictable behavior. The weakness is a classic example of CWE‑787: Out‑of‑Bounds Write.

Affected Systems

The vulnerability affects installations of GraphicsMagick that use the default PCD decoder. Specific product version information is not disclosed in the available data, so any deployment that has not applied a fix from the vendor is potentially vulnerable.

Risk and Exploitability

The CVSS score of 8.1 indicates high severity. EPSS information is not available, so the current likelihood of exploitation cannot be quantified, but the lack of a mitigation suggests that a motivated attacker could feasibly craft a malicious PCD file. The description explicitly states that a remote attacker could exploit the flaw, implying that the attack vector may involve remote file ingestion, such as through a web service or network share that processes PCD images. Because the vulnerability is not listed in the CISA KEV catalog, there is no evidence of widespread exploitation at this time. Nonetheless, the nature of the flaw, an out‑of‑bounds write, warrants cautious handling and remediation.

Generated by OpenCVE AI on June 29, 2026 at 13:20 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Replace any PCD files that are inadvertently processed by the system or configure the environment to skip the Photo CD format altogether
  • Update GraphicsMagick to the latest release once a vendor patch is available
  • Configure the image processing pipeline to run under confinement or a sandbox to contain potential memory corruption



Advisories

No advisories yet.

History

Mon, 29 Jun 2026 18:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Graphicsmagick; Graphicsmagick graphicsmagick
Vendors & Products | | Graphicsmagick; Graphicsmagick graphicsmagick

Mon, 29 Jun 2026 12:15:00 +0000

Type | Values Removed | Values Added
Description | | A flaw was found in GraphicsMagick's Photo CD (PCD) decoder. A remote attacker could exploit this vulnerability by providing a specially crafted PCD file. This could lead to an out-of-bounds write, corrupting memory and potentially causing a denial of service or other unpredictable system behavior.
Title | | GraphicsMagick: GraphicsMagick: Memory corruption via crafted Photo CD (PCD) file
Weaknesses | | CWE-787
References | |
Metrics | threat_severity: None | cvssV3_1: {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}; threat_severity: Important


MITRE

No data.

Vulnrichment

No data.

NVD

No data.

Redhat

Severity : Important

Public Date: 2026-06-28T12:34:00Z

Links: CVE-2026-13606 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-29T18:15:03Z

Weaknesses