Impact
ImageMagick's JP2 encoder contains an incorrect boundary check that can cause a one-byte heap buffer overwrite when specific options are supplied, potentially corrupting memory and leading to inconsistent image data or application instability. The flaw maps to CWE-193 (Off-by-one Error) and CWE-787 (Out-of-bounds Write) and has a CVSS score of 4.0, indicating a low severity impact on confidentiality, integrity, and availability. While the single-byte overwrite is unlikely to directly result in exploitable code execution, it can still compromise the stability of ImageMagick-based services or downstream applications.
Affected Systems
This issue affects versions of ImageMagick before 6.9.13-48 and 7.1.2-23, on any platform where ImageMagick is built with the JP2 encoder. Users should verify the installed ImageMagick version and ensure it is not one of the vulnerable builds.
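One way to run that version check, as an added example that is not part of the original advisory: it classifies the banner printed by `magick -version` (or `convert -version`) against the two fixed releases named above. The function names, status labels and sample banners are constructed for illustration, and treating the `openjp2` delegate as the marker of a JP2-enabled build is an assumption.

```python
import re
import shutil
import subprocess

# First fixed release per major branch, as stated in the advisory text above.
FIXED = {6: (6, 9, 13, 48), 7: (7, 1, 2, 23)}
VERSION_RE = re.compile(r"ImageMagick (\d+)\.(\d+)\.(\d+)-(\d+)")
DELEGATES_RE = re.compile(r"^Delegates[^:]*:(.*)$", re.MULTILINE)

# Constructed sample banners (not captured from real hosts).
SAMPLES = {
    "old7": "Version: ImageMagick 7.1.2-22 Q16-HDRI x86_64 https://imagemagick.org\n"
            "Delegates (built-in): bzlib jpeg openjp2 png zlib\n",
    "fixed6": "Version: ImageMagick 6.9.13-48 Q16 x86_64 https://imagemagick.org\n"
              "Delegates (built-in): bzlib jpeg openjp2 png zlib\n",
    "old6_nojp2": "Version: ImageMagick 6.9.13-47 Q16 x86_64 https://imagemagick.org\n"
                  "Delegates (built-in): bzlib jpeg png zlib\n",
}

def assess(banner):
    """Classify the text printed by `magick -version` / `convert -version`."""
    m = VERSION_RE.search(banner)
    if not m:
        return {"status": "unknown", "version": None, "jp2": None}
    version = tuple(int(g) for g in m.groups())
    fixed = FIXED.get(version[0])
    d = DELEGATES_RE.search(banner)
    # Assumption: a build with JPEG 2000 support lists the "openjp2" delegate.
    jp2 = ("openjp2" in d.group(1).split()) if d else None
    if fixed is None:
        status = "unknown"                      # branch not covered by the advisory
    elif version >= fixed:
        status = "fixed"
    elif jp2 is False:
        status = "vulnerable-version-no-jp2"    # old release, JP2 encoder not built in
    else:
        status = "vulnerable"
    return {"status": status, "version": "%d.%d.%d-%d" % version, "jp2": jp2}

def local_banner():
    """Return the version banner of the installed binary, or None if absent."""
    for exe in ("magick", "convert"):
        path = shutil.which(exe)
        if path:
            return subprocess.run([path, "-version"],
                                  capture_output=True, text=True).stdout
    return None

if __name__ == "__main__":
    banner = local_banner()
    print(assess(banner) if banner else "ImageMagick not found on PATH")
```

Distribution packages that backport fixes keep the old upstream version string, so a "vulnerable" result on such a host should be checked against the distribution's own advisory.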
Risk and Exploitability
Based on the description, the likely attack vector is an attacker supplying a crafted JP2 image or triggering the encoder with particular options; local or remote exploitation is plausible if an application processes untrusted images through ImageMagick. No EPSS score is available, and the vulnerability is not listed in CISA's KEV catalog, reflecting limited known exploitation. With a low CVSS score, the risk is moderate, but remediation is advisable to avoid potential stability issues and mitigate future exploitation vectors.