Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, passing incorrect arguments to the distort operation causes a null pointer dereference. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.
Published: 2026-06-10
Score: 4.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is a null pointer dereference that occurs in the distort operation when an image is processed with incorrect arguments. The bug causes ImageMagick to crash and potentially stop a service, resulting in a denial of service. The weakness is identified as CWE‑476.

Affected Systems

Vulnerable versions of ImageMagick are all v6 releases prior to 6.9.13‑50 and all v7 releases prior to 7.1.2‑25. Systems that run these older releases and invoke the distort operation are at risk.

Risk and Exploitability

The recorded CVSS score is 4.3, indicating moderate severity. No EPSS score is available, so the likelihood of exploitation is uncertain, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a crafted image file that a service using ImageMagick will process; by supplying malformed distort parameters, a local or remote user could trigger the crash.

Generated by OpenCVE AI on June 10, 2026 at 23:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update ImageMagick to a patched release—at least 6.9.13‑50 for the v6 series or 7.1.2‑25 for the v7 series.
  • If an upgrade cannot be performed immediately, validate all arguments supplied to the distort operation or disable distort transformations in publicly exposed functionality.
  • Regularly monitor image‑processing services for abnormal crashes and apply future vendor security updates as they become available.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 00:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Imagemagick; Imagemagick imagemagick
Vendors & Products | | Imagemagick; Imagemagick imagemagick

Wed, 10 Jun 2026 22:30:00 +0000

Type | Values Removed | Values Added
Description | | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, passing incorrect arguments to the distort operation causes a null pointer dereference. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.
Title | | ImageMagick: Null Pointer Dereference in distort operation when passing incorrect arguments
Weaknesses | | CWE-476
References | |
Metrics | | cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-10T22:05:58.915Z

Reserved: 2026-06-09T16:31:21.495Z

Link: CVE-2026-53463

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-10T23:16:50.720

Modified: 2026-06-10T23:16:50.720

Link: CVE-2026-53463

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T23:45:44Z

Weaknesses