Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride (row size) for pixel buffer allocation. The stride calculation overflows a 32-bit signed integer, resulting in an out-of-bounds memory reads. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
Published: 2026-02-25
Score: 4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Patch
AI Analysis

Impact

The vulnerability arises from an integer truncation bug in the calculation of the stride for the pixel buffer while parsing DJVU images. This causes a 32‑bit signed integer overflow, leading to a heap buffer over‑read that can expose arbitrary heap memory contents. The flaw is a classic buffer over‑read (CWE-122/125/126) and could result in information disclosure or potential corruption of data processed by ImageMagick.

Affected Systems

ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 are affected. The flaw also applies to users that employ the .NET wrapper Magick.NET, which relies on the underlying ImageMagick libraries. The security notes reference patches that are included starting in those versions, and Magick.NET releases 14.10.3 incorporate the fix.

Risk and Exploitability

The CVSS score of 4.0 indicates a moderate severity, and the EPSS of less than 1% implies a very low expected exploitation rate. It is not listed in the CISA KEV catalog, so no confirmed exploit is known. Based on the type of vulnerability, the attack would require a crafted DJVU image to be processed by the affected library. If the library is used in a public‑facing application, an attacker could potentially trigger the buffer over‑read by uploading such a file, exposing sensitive heap data.

Generated by OpenCVE AI on April 17, 2026 at 14:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update ImageMagick to version 7.1.2-15 or newer, or 6.9.13-40 or newer, and update Magick.NET to 14.10.3 or later to apply the patch.
  • If an immediate upgrade is not feasible, disable DJVU image format support in the ImageMagick configuration to prevent the vulnerable code path from executing.
  • Run image processing in a sandboxed or partially trusted environment to limit the impact of any potential memory read.

Generated by OpenCVE AI on April 17, 2026 at 14:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4497-1 imagemagick security update
Debian DSA Debian DSA DSA-6158-1 imagemagick security update
Debian DSA Debian DSA DSA-6159-1 imagemagick security update
Github GHSA Github GHSA GHSA-r99p-5442-q2x2 ImageMagick has a heap Buffer Over-read in its DJVU image format handler
History

Sat, 28 Feb 2026 04:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 27 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Dlemstra
Dlemstra magick.net
CPEs cpe:2.3:a:dlemstra:magick.net:*:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
Vendors & Products Dlemstra
Dlemstra magick.net

Thu, 26 Feb 2026 13:30:00 +0000

Type Values Removed Values Added
First Time appeared Imagemagick
Imagemagick imagemagick
Vendors & Products Imagemagick
Imagemagick imagemagick

Thu, 26 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
References
Metrics threat_severity

None

 threat_severity

Moderate

Wed, 25 Feb 2026 23:45:00 +0000

Type Values Removed Values Added
Description ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride (row size) for pixel buffer allocation. The stride calculation overflows a 32-bit signed integer, resulting in an out-of-bounds memory reads. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
Title ImageMagick has a heap Buffer Over-read in its DJVU image format handler
Weaknesses CWE-122
CWE-126
References
Metrics cvssV3_1

{'score': 4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L'}

Subscriptions

Dlemstra Magick.net
Imagemagick Imagemagick
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-26T17:04:08.122Z

Reserved: 2026-02-24T02:31:33.266Z

Link: CVE-2026-27799

cve-icon Vulnrichment

Updated: 2026-02-26T17:04:02.801Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-26T00:16:25.393

Modified: 2026-02-27T16:01:02.333

Link: CVE-2026-27799

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-02-25T23:20:25Z

Links: CVE-2026-27799 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T14:45:21Z

Weaknesses