Volerion logoVolerion
Volerion logoVolerion

ImageMagick Stack Buffer Overflow Vulnerability in MSL Attribute Processing

Vulnerability

A stack buffer overflow vulnerability has been identified in ImageMagick versions prior to 7.1.2-15 and 6.9.13-40. The issue arises in the 'msl.c' file, where a long value in an attribute overflows a fixed-size stack buffer, leading to memory corruption. This vulnerability has been patched in the mentioned versions.

Impact

Exploitation of this vulnerability causes a stack buffer overflow, allowing for out-of-bounds memory writes. Such memory corruption can potentially be exploited to execute arbitrary code.

Reproduction

The vulnerability can be reproduced by processing an image file that contains a specially crafted attribute value. The long value will overflow the stack buffer in 'msl.c', causing a stack buffer overflow error. This can be verified using AddressSanitizer, which will report the stack-buffer-overflow error, indicating that the vulnerability has been successfully exploited.

Remediation

Users can upgrade to ImageMagick versions 7.1.2-15 or 6.9.13-40 to address this vulnerability.

Added: Feb 24, 2026, 2:33 AM
Updated: Feb 24, 2026, 2:33 AM

Vulnerability Rating

Custom Algorithm
spread
7.8
impact
7.5
exploitability
4.4
remediation
7.7
relevance
3.1
threat
1.6
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.