Impact
ImageMagick contains a heap use‑after‑free flaw in the meta coder. When a memory allocation fails, a single byte is written to a stale pointer, which can trigger a denial of service. The weakness is a classic use‑after‑free (CWE‑416) and also involves improper buffer direct access to heap memory (CWE‑825).
Affected Systems
The vulnerability affects all users of ImageMagick versions prior to 7.1.2‑15 and 6.9.13‑40. These versions are installed under the ImageMagick product from the ImageMagick vendor.
Risk and Exploitability
The CVSS score of 6.3 indicates moderate severity. The EPSS score of less than 1% combined with the absence of a CISA KEV listing indicates a very low likelihood of exploitation. Remote attackers can trigger the fault by providing a specially crafted image file; the exploit results in a denial of service, potentially impacting availability of any service that processes images using ImageMagick.
OpenCVE Enrichment
Debian DLA
Debian DSA