Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-16, a heap-based buffer overflow in the UHDR encoder can occur due to truncation of a value, allowing an out-of-bounds write. This vulnerability is fixed in 7.1.2-16.
Published: 2026-03-09
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Heap Buffer Overflow
Action: Patch
AI Analysis

Impact

ImageMagick contains a heap‑based buffer overflow in its UHDR encoder that occurs when a truncated value is processed. The overflow writes beyond the intended buffer, potentially overwriting adjacent memory structures. This corruption can lead to unpredictable behavior or, in the right circumstances, code execution.

Affected Systems

All ImageMagick releases prior to version 7.1.2‑16, including both the 7.x mainline and earlier 6.x branches, are affected. Any installation that accepts UHDR image input without the patch is vulnerable.

Risk and Exploitability

The flaw has a CVSS v3.1 score of 6.8, placing it in the moderate severity range. Exploit probability is reported as less than 1%, indicating low likelihood of successful attacks at present, and it does not appear in the CISA catalog of known exploited vulnerabilities. Attackers would need to supply a crafted UHDR image, suggesting the vector could be via a malicious file supplied remotely or by a local untrusted source. No additional exploitation conditions are documented beyond the requirement to invoke the UHDR encoder.

Generated by OpenCVE AI on April 17, 2026 at 11:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade ImageMagick to version 7.1.2‑16 or later to apply the fix.
  • If an upgrade is not feasible, disable UHDR image processing or validate all incoming UHDR files to prevent malicious payloads.
  • Monitor for unexpected crashes, memory corruption events, or other anomalous behavior that might indicate exploitation of image‑processing components.


Advisories
Source | ID | Title
Debian DSA | DSA-6169-1 | imagemagick security update
GitHub GHSA | GHSA-h95r-c8c7-mrwx | ImageMagick has heap-based buffer overflow in UHDR encoder
History

Fri, 13 Mar 2026 17:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

Wed, 11 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-190
References
Metrics threat_severity: None threat_severity: Moderate


Tue, 10 Mar 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 10 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Imagemagick
Imagemagick imagemagick
Vendors & Products Imagemagick
Imagemagick imagemagick

Mon, 09 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Description ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-16, a heap-based buffer overflow in the UHDR encoder can occur due to truncation of a value, allowing an out-of-bounds write. This vulnerability is fixed in 7.1.2-16.
Title ImageMagick has a heap-based buffer overflow in UHDR encoder
Weaknesses CWE-122
References
Metrics cvssV3_1 {'score': 6.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-10T14:53:10.526Z

Reserved: 2026-03-07T16:40:05.885Z

Link: CVE-2026-30931

Vulnrichment

Updated: 2026-03-10T14:53:07.369Z

NVD

Status: Analyzed

Published: 2026-03-10T07:44:57.303

Modified: 2026-03-13T16:59:45.720

Link: CVE-2026-30931

Redhat

Severity: Moderate

Public Date: 2026-03-09T21:47:48Z

Links: CVE-2026-30931 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-17T12:00:11Z

Weaknesses