Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, passing incorrect arguments to the distort operation causes a null pointer dereference. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.
Published: 2026-06-10
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is a null pointer dereference that occurs in the distort operation when an image is processed with incorrect arguments. The bug causes ImageMagick to crash and potentially stop a service, resulting in a denial of service. The weakness is identified as CWE‑476.

Affected Systems

Vulnerable versions are all ImageMagick v6 releases before 6.9.13‑50 and all v7 releases before 7.1.2‑25. Systems that run these older releases and invoke the distort operation are at risk.

Risk and Exploitability

The recorded CVSS score is 4.3, indicating moderate severity. No EPSS score is available, so the likelihood of exploitation is uncertain, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a crafted image file that a service using ImageMagick will process; by supplying malformed distort parameters a local or remote user could trigger the crash.

Generated by OpenCVE AI on June 10, 2026 at 23:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update ImageMagick to a patched release—at least 6.9.13‑50 for the v6 series or 7.1.2‑25 for the v7 series.
  • If an upgrade cannot be performed immediately, validate all arguments supplied to the distort operation or disable distorted transformations in publicly exposed functionality.
  • Regularly monitor image‑processing services for abnormal crashes and apply future vendor security updates as they become available.

Advisories
Source | ID | Title
Debian DLA | DLA-4643-1 | imagemagick security update
Debian DSA | DSA-6356-1 | imagemagick security update
GitHub GHSA | GHSA-p9rq-q46c-g4x6 | ImageMagick has Null Pointer Dereference caused by the distort operation when passing incorrect arguments

History

Sat, 13 Jun 2026 00:15:00 +0000

Type | Values Removed | Values Added
References | |
Metrics | threat_severity: None | threat_severity: Moderate

Thu, 11 Jun 2026 18:45:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

Thu, 11 Jun 2026 13:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 11 Jun 2026 00:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Imagemagick; Imagemagick imagemagick
Vendors & Products | | Imagemagick; Imagemagick imagemagick

Wed, 10 Jun 2026 22:30:00 +0000

Type | Values Removed | Values Added
Description | | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, passing incorrect arguments to the distort operation causes a null pointer dereference. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.
Title | | ImageMagick: Null Pointer Dereference in distort operation when passing incorrect arguments
Weaknesses | | CWE-476
References | |
Metrics | | cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-11T12:56:56.146Z

Reserved: 2026-06-09T16:31:21.495Z

Link: CVE-2026-53463

Vulnrichment

Updated: 2026-06-11T12:56:51.535Z

NVD

Status: Analyzed

Published: 2026-06-10T23:16:50.720

Modified: 2026-06-11T18:43:19.833

Link: CVE-2026-53463

Red Hat

Severity: Moderate

Public Date: 2026-06-10T22:05:58Z

Links: CVE-2026-53463 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-10T23:45:44Z