Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, a crafted multi-frame image can result in a heap buffer over-write when it is encoded with the SF3 encoder. This issue has been patched in version 7.1.2-25.
Published: 2026-06-10
Score: 6.2 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Prior to version 7.1.2-25, the SF3 encoder in ImageMagick can overwrite heap memory when processing a crafted multi‑frame image. This buffer over‑write is a classic heap corruption vulnerability (CWE‑122, CWE‑787) that may allow an attacker to execute arbitrary code or cause a denial of service through a crash, depending on the privileges of the image processing context.

Affected Systems

The vulnerability affects all releases of the ImageMagick image processing library before version 7.1.2‑25. Users running older versions of the library are potentially exposed.

Risk and Exploitability

The CVSS score of 6.2 indicates medium severity. No EPSS score is currently available, and the vulnerability is not listed in the CISA KEV catalog. Attackers would likely need to supply a malicious multi‑frame image to an application that encodes it with the SF3 encoder; the vector is therefore considered local or application‑based, consistent with AV:L in the published CVSS vector. While the description does not confirm an exploit, the nature of the overflow makes arbitrary memory overwrite possible, so precaution is warranted.

Generated by OpenCVE AI on June 11, 2026 at 00:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update ImageMagick to version 7.1.2-25 or later.
  • Disable the SF3 encoder by applying an ImageMagick policy that blocks use of this format if an immediate upgrade is not possible.
  • Audit applications that process images to ensure they do not accept untrusted multi‑frame images and enforce input validation or fall back to safer encoders.
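
The first two actions can be checked on a host with a short script. This is an added example, not code from OpenCVE or the ImageMagick project: it uses a simplified model of policy evaluation that assumes the coder is named `SF3` in `policy.xml`, that patterns are case-sensitive globs with `{A,B}` alternation, and that a later matching `coder` entry overrides an earlier one. The sample policies are constructed.

```python
import fnmatch
import re
import xml.etree.ElementTree as ET

# Constructed sample policies (not taken from any real host).
NO_RULE = '<policymap><policy domain="resource" name="memory" value="256MiB"/></policymap>'
BLOCKED = '<policymap><policy domain="coder" rights="none" pattern="SF3"/></policymap>'
OVERRIDDEN = """<policymap>
  <policy domain="coder" rights="none" pattern="SF3"/>
  <policy domain="coder" rights="read|write" pattern="{PNG,JPEG,SF*}"/>
</policymap>"""

def expand_braces(pattern):
    """Expand {A,B,C} alternation into a list of plain glob patterns."""
    m = re.search(r"\{([^{}]*)\}", pattern)
    if not m:
        return [pattern]
    head, tail = pattern[:m.start()], pattern[m.end():]
    return [p for alt in m.group(1).split(",")
            for p in expand_braces(head + alt + tail)]

def coder_write_allowed(policy_xml, coder="SF3"):
    """Return True if `coder` may still be used for writing under this policy.

    Assumed model: no matching coder entry means allowed, and each later
    matching entry replaces the decision made by earlier ones.
    """
    allowed = True
    for entry in ET.fromstring(policy_xml).iter("policy"):
        if entry.get("domain", "").lower() != "coder":
            continue
        patterns = expand_braces(entry.get("pattern", ""))
        if not any(fnmatch.fnmatchcase(coder, p) for p in patterns):
            continue
        rights = {r.strip().lower() for r in entry.get("rights", "").split("|")}
        allowed = bool(rights & {"write", "all"})
    return allowed

def version_is_patched(version, fixed="7.1.2-25"):
    """Compare version strings such as '7.1.2-24' field by field as integers."""
    def as_tuple(v):
        return tuple(int(n) for n in re.findall(r"\d+", v))
    return as_tuple(version) >= as_tuple(fixed)

if __name__ == "__main__":
    for name, text in (("no rule", NO_RULE), ("blocked", BLOCKED),
                       ("overridden", OVERRIDDEN)):
        print(f"{name}: SF3 write allowed = {coder_write_allowed(text)}")
    print("7.1.2-24 patched:", version_is_patched("7.1.2-24"))
```

The `OVERRIDDEN` case shows a block that is undone by a broader entry later in the file; confirm the effective policy on the host with `magick -list policy`.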

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 00:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Imagemagick; Imagemagick imagemagick
Vendors & Products | | Imagemagick; Imagemagick imagemagick

Wed, 10 Jun 2026 22:30:00 +0000

Type | Values Removed | Values Added
Description | | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, a crafted multi-frame can result in a heap buffer over-write when encoding it with the SF3 encoder. This issue has been patched in version 7.1.2-25.
Title | | ImageMagick: Heap Buffer Over-Write in SF3 encoder when writing multi-frame image
Weaknesses | | CWE-122, CWE-787
References | |
Metrics | | cvssV3_1: {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-10T22:07:50.597Z

Reserved: 2026-06-09T16:31:21.495Z

Link: CVE-2026-53465

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-10T23:16:50.997

Modified: 2026-06-10T23:16:50.997

Link: CVE-2026-53465

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-11T00:15:27Z

Weaknesses