Impact
ImageMagick contains a stack-based buffer overflow in the FTXT image reader that allows out-of-bounds writes to the stack when processing a crafted file. The flaw is triggered by an oversized integer field in the file header and results in a program crash. The description does not confirm arbitrary code execution, but the nature of the overflow could permit it if an attacker can control the payload. The vulnerability maps to several common weaknesses: stack-based buffer overflow (CWE-121), integer overflow or wraparound (CWE-190), and out-of-bounds write (CWE-787).
Affected Systems
The flaw affects installations of ImageMagick, specifically all releases before 7.1.2‑15. Any system that uses the ImageMagick library to read FTXT files, such as web servers, document processors, or media applications, may be impacted when provided with a malicious file. Versions 7.1.2‑15 and later include the patch that resolves the overflow.
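The version boundary above can be checked on a host with a small script. This is an added example, not part of the advisory or of ImageMagick; the function names and the sample banner are constructed for illustration, and the comparison applies the "before 7.1.2-15" statement literally to every release line.

```shell
#!/bin/sh
# Added example: flag ImageMagick builds older than the fixed release.
FIXED_VERSION="7.1.2-15"   # fixed release named in the advisory text

# Constructed sample of a `magick -version` banner (not captured output).
SAMPLE_BANNER='Version: ImageMagick 7.1.1-43 Q16-HDRI x86_64 22550 https://imagemagick.org
Copyright: (C) 1999 ImageMagick Studio LLC'

# Extract "X.Y.Z-N" from the banner's "Version:" line.
im_parse_version() {
    printf '%s\n' "$1" |
        sed -n 's/^Version: ImageMagick \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*-[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Exit 0 if $1 is older than FIXED_VERSION, 1 if not, 2 if unparseable.
# Fields are compared numerically, so 7.1.2-9 sorts before 7.1.2-15.
im_is_affected() {
    printf '%s\n%s\n' "$1" "$FIXED_VERSION" | awk -F'[.-]' '
        !/^[0-9]+\.[0-9]+\.[0-9]+-[0-9]+$/ { exit 2 }
        NR == 1 { for (i = 1; i <= 4; i++) have[i] = $i + 0; next }
        {
            for (i = 1; i <= 4; i++) {
                if (have[i] < $i + 0) exit 0
                if (have[i] > $i + 0) exit 1
            }
            exit 1   # identical to the fixed release
        }'
}

# Turn a banner into a one-line verdict.
im_report() {
    ver=$(im_parse_version "$1")
    im_is_affected "$ver" && rc=0 || rc=$?
    case $rc in
        0) echo "affected: $ver (older than $FIXED_VERSION)" ;;
        1) echo "not affected: $ver" ;;
        *) echo "unknown: could not parse an ImageMagick version" ;;
    esac
}

# Check the local install when called as: sh check.sh --local
if [ "${1:-}" = "--local" ]; then
    im_report "$(magick -version 2>/dev/null || convert -version 2>/dev/null)"
fi
```

A package manager may report a distribution-specific version string for a backported fix, so an "affected" verdict from the banner should be confirmed against the distribution's own advisory.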
Risk and Exploitability
The CVSS score of 7.4 marks this vulnerability as moderately severe. Its EPSS probability is below 1%, suggesting that, as of now, the likelihood of exploitation in the wild is very low. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. An attacker would need to supply a crafted FTXT file to the ImageMagick library, which could be achieved through file uploads, email attachments, or other import mechanisms. Once the file is processed, the crash could lead to denial of service, and if the attacker achieves control over the stack, arbitrary code execution is possible, though no public exploits have been documented.