Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-23, due to a missing depth check a stack overflow can occur in the fx operation by passing a crafted argument. This issue has been patched in version 7.1.2-23.
Published: 2026-06-10
Score: 6.2 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw arises from a missing depth check in ImageMagick's fx operation. A crafted argument can trigger a stack overflow, potentially corrupting memory. The resulting memory corruption could lead to an application crash or, in some contexts, arbitrary code execution if the overwritten data controls execution flow. The weakness is classified as CWE‑674: Integer or Buffer Overflow.

Affected Systems

ImageMagick software, version 7.x prior to 7.1.2-23. The patch was released in version 7.1.2-23.

Risk and Exploitability

The CVSS score of 6.2 indicates a moderate risk. No EPSS data is available, and the vulnerability is not listed in the CISA KEV catalog. Exploitation would likely require the attacker to supply a malicious image to a system running an unpatched ImageMagick instance. Because the flaw resides in a stack‑based buffer, the attack vector is inferred to be local or through a remote service that processes images without proper input validation.

Generated by OpenCVE AI on June 10, 2026 at 23:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade ImageMagick to version 7.1.2-23 or later.
  • If an immediate upgrade is not possible, disable the fx operation or restrict its use to trusted inputs only.
  • Validate image depth and size before processing to mitigate potential overflows.

Generated by OpenCVE AI on June 10, 2026 at 23:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6298-1 imagemagick security update
Github GHSA Github GHSA GHSA-rcr6-g7jc-f57g ImageMagick: Stack overflow in fx operation
History

Wed, 10 Jun 2026 23:45:00 +0000

Type Values Removed Values Added
First Time appeared Imagemagick
Imagemagick imagemagick
Vendors & Products Imagemagick
Imagemagick imagemagick

Wed, 10 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Description ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-23, due to a missing depth check a stack overflow can occur in the fx operation by passing a crafted argument. This issue has been patched in version 7.1.2-23.
Title ImageMagick: Stack overflow in fx operation
Weaknesses CWE-674
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Imagemagick Imagemagick
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-10T21:44:40.973Z

Reserved: 2026-05-14T20:42:31.369Z

Link: CVE-2026-46557

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-10T23:16:47.037

Modified: 2026-06-10T23:16:47.037

Link: CVE-2026-46557

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T23:30:44Z

Weaknesses