Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, an out-of-bounds write of a zero byte exists in the X11 `display` interaction path that could lead to a crash. Versions 7.1.2-18 and 6.9.13-43 patch the issue.
Published: 2026-03-26
Score: 4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

ImageMagick contains an out‑of‑bounds write of a zero byte in the X11 display interaction path. The flaw can cause the application to crash when processing a crafted image. The result is a denial of service, as the affected process terminates unexpectedly, without offering elevation of privilege, data corruption, or data disclosure.

Affected Systems

Any installation of ImageMagick using a version earlier than 7.1.2‑18 or 6.9.13‑43 is potentially vulnerable. The vulnerability affects the ImageMagick product across all platforms that expose the X11 display interface.

Risk and Exploitability

The CVSS score of 4 indicates a moderate severity, and the EPSS score is not available, suggesting there is no publicly known exploit yet. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is the ability to submit a malicious image to the X11 display path, which may be local or remote depending on the context; however, the input does not explicitly state the exact vector, so this is inferred from the description of the affected interaction.

Generated by OpenCVE AI on March 26, 2026 at 21:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the ImageMagick patch to version 7.1.2‑18 or newer, or 6.9.13‑43 or newer, to resolve the out‑of‑bounds write.
  • Verify the installed ImageMagick version with the vendor's release notes or checksum to confirm the patch has been applied.
  • If an update is not immediately feasible, isolate or block the X11 display interaction for untrusted image inputs to prevent crashes.
  • Keep the software regularly updated by monitoring the ImageMagick security advisories for future patches or additional fixes.

Generated by OpenCVE AI on March 26, 2026 at 21:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-mw3m-pqr2-qv7c ImageMagick has an Out-of-Bounds write of a zero byte in its X11 display interaction
History

Fri, 27 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Low

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Imagemagick
Imagemagick imagemagick
Vendors & Products Imagemagick
Imagemagick imagemagick

Thu, 26 Mar 2026 20:00:00 +0000

Type Values Removed Values Added
Description ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, an out-of-bounds write of a zero byte exists in the X11 `display` interaction path that could lead to a crash. Versions 7.1.2-18 and 6.9.13-43 patch the issue.
Title ImageMagick has an Out-of-Bounds write of a zero byte in its X11 display interaction
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

Subscriptions

Imagemagick Imagemagick
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-26T19:52:30.452Z

Reserved: 2026-03-20T18:05:11.831Z

Link: CVE-2026-33535

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-03-26T20:16:15.723

Modified: 2026-03-26T20:16:15.723

Link: CVE-2026-33535

cve-icon Redhat

Severity : Low

Publid Date: 2026-03-26T19:52:30Z

Links: CVE-2026-33535 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:25:18Z

Weaknesses