Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing an extremely large image, an out-of-bounds heap write can occur. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
Published: 2026-03-09
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Memory corruption that can enable arbitrary code execution
Action: Apply patch
AI Analysis

Impact

When ImageMagick writes an image in the XWD format, the bytes-per-line value is computed in 32-bit unsigned (CARD32) arithmetic, and for a very large image that calculation overflows (CWE-190). The wrapped result undersizes the heap allocation, so writing the image data produces an out-of-bounds heap write, a heap buffer overflow (CWE-122) that can corrupt memory and potentially allow arbitrary code execution.
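As an added illustration (not ImageMagick's code; the row-size formula is an assumption standing in for the pattern the advisory describes), the CARD32 computation that wraps is shown next to an overflow-checked form that rejects dimensions the allocation cannot cover:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t CARD32;  /* X11's 32-bit unsigned type; XWD stores bytes_per_line as one */

/* Illustrative reconstruction (an assumption, not ImageMagick's code) of the pattern the
 * advisory describes: computed entirely in CARD32 and padded to 32-bit words, so
 * width * bits_per_pixel wraps modulo 2^32 and the allocation sized from it is undersized. */
static CARD32 xwd_bytes_per_line_unchecked(CARD32 width, CARD32 bits_per_pixel)
{
    return ((width * bits_per_pixel + 31) / 32) * 4;
}

/* Hardened form: widen to size_t, reject any step that would overflow, and require
 * the result to fit the CARD32 header field. Returns 1 on success, 0 on rejection. */
static int xwd_bytes_per_line_checked(size_t width, size_t bits_per_pixel, size_t *out)
{
    if (width == 0 || bits_per_pixel == 0 || bits_per_pixel > 32)
        return 0;
    if (width > (SIZE_MAX - 31) / bits_per_pixel)   /* width * bpp + 31 would overflow */
        return 0;
    size_t bpl = ((width * bits_per_pixel + 31) / 32) * 4;
    if (bpl > UINT32_MAX)                           /* must fit the CARD32 header field */
        return 0;
    *out = bpl;
    return 1;
}

/* Pixel-buffer size = bytes_per_line * height, also overflow-checked, so the
 * allocation can never be smaller than the data that will be written into it. */
static int xwd_buffer_size_checked(size_t width, size_t bits_per_pixel, size_t height, size_t *out)
{
    size_t bpl;
    if (!xwd_bytes_per_line_checked(width, bits_per_pixel, &bpl) || height == 0)
        return 0;
    if (bpl > SIZE_MAX / height)
        return 0;
    *out = bpl * height;
    return 1;
}

int main(void)
{
    size_t bpl = 0;  /* constructed input: 2^27 pixels wide at 32 bpp, so width * bpp == 2^32 */
    printf("unchecked CARD32 result: %lu\n", (unsigned long)xwd_bytes_per_line_unchecked(0x08000000u, 32));
    if (xwd_bytes_per_line_checked(0x08000000u, 32, &bpl))
        printf("checked size_t result:   %lu\n", (unsigned long)bpl);
    return 0;
}
```

On the constructed input the unchecked function returns 0 bytes per line while the checked one returns 536870912, which is the gap between the allocation made and the data written.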

Affected Systems

All ImageMagick releases older than 7.1.2‑16 and 6.9.13‑41 built with the XWD encoder are affected, regardless of platform.

Risk and Exploitability

With a CVSS score of 6.8 the vulnerability is of moderate severity, and the EPSS score of less than 1% indicates a low probability of broad exploitation at the moment. The vulnerability is not listed in the CISA KEV catalog. The most likely attack scenario involves an adversary supplying a specially crafted, extremely large image file to an application that uses ImageMagick, triggering the heap overflow and potentially giving the attacker code execution or causing a crash. No documented network‑only vector exists, so the attacker must be able to deliver the malicious image data to the vulnerable program.

Generated by OpenCVE AI on April 17, 2026 at 11:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade ImageMagick to version 7.1.2‑16 or later, or to 6.9.13‑41 or later.
  • If an upgrade is not feasible, disable or remove the XWD encoder from the ImageMagick installation where possible.
  • Implement size checks or enforce a maximum image dimension before passing an image to ImageMagick to prevent exceedingly large files from reaching the encoder.

Advisories
Source        ID                   Title
Debian DLA    DLA-4539-1           imagemagick security update
Debian DSA    DSA-6169-1           imagemagick security update
Debian DSA    DSA-6210-1           imagemagick security update
GitHub GHSA   GHSA-qpg4-j99f-8xcg  ImageMagick has heap buffer overflow in WriteXWDImage due to CARD32 arithmetic overflow in bytes_per_line calculation
History

Wed, 18 Mar 2026 18:30:00 +0000

Type        Values Removed            Values Added
CPEs                                  cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

Wed, 11 Mar 2026 12:15:00 +0000

Type        Values Removed            Values Added
References
Metrics     threat_severity: None     threat_severity: Moderate

Tue, 10 Mar 2026 15:30:00 +0000

Type        Values Removed            Values Added
Metrics                               ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 10 Mar 2026 14:15:00 +0000

Type                  Values Removed  Values Added
First Time appeared                   Imagemagick
                                      Imagemagick imagemagick
Vendors & Products                    Imagemagick
                                      Imagemagick imagemagick

Mon, 09 Mar 2026 22:00:00 +0000

Type          Values Removed          Values Added
Description                           ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing an extremely large image, an out-of-bounds heap write can occur. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
Title                                 ImageMagick has a heap buffer overflow in WriteXWDImage due to CARD32 arithmetic overflow in bytes_per_line calculation
Weaknesses                            CWE-122
                                      CWE-190
References
Metrics                               cvssV3_1: {'score': 6.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-10T14:34:52.599Z

Reserved: 2026-03-07T16:40:05.885Z

Link: CVE-2026-30937

Vulnrichment

Updated: 2026-03-10T14:34:48.846Z

NVD

Status: Analyzed

Published: 2026-03-10T07:44:57.840

Modified: 2026-03-18T18:18:18.640

Link: CVE-2026-30937

Redhat

Severity: Moderate

Public Date: 2026-03-09T21:50:15Z

Links: CVE-2026-30937 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-17T12:00:11Z

Weaknesses