Primary

Context

ImageMagick Signed Integer Overflow Vulnerability in SIXEL Decoder Allowing Memory Corruption and Denial-of-Service

Vulnerability

Patched

A signed integer overflow vulnerability has been identified in ImageMagick's SIXEL decoder, prior to versions 7.1.2-15 and 6.9.13-40. This vulnerability allows an attacker to cause memory corruption and denial-of-service by processing a maliciously crafted SIXEL image file. The issue arises during buffer reallocation operations, where pointer arithmetic with signed 32-bit integers can overflow, leading to memory corruption.

Impact

Exploitation of this vulnerability causes memory corruption, which can lead to a denial-of-service condition. Additionally, such memory corruption vulnerabilities can often be exploited to execute arbitrary code under certain conditions.

Remediation

Users can upgrade to ImageMagick versions 7.1.2-15 or 6.9.13-40 to address this vulnerability.

Added: Feb 24, 2026, 2:37 AM

Updated: Feb 24, 2026, 2:37 AM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

3.1

exploitability

3.3

remediation

7.7

relevance

3.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

3.1

exploitability

3.3

remediation

7.7

relevance

3.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ImageMagick Signed Integer Overflow Vulnerability in SIXEL Decoder Allowing Memory Corruption and Denial-of-Service

Vulnerability

Impact

Remediation

Affected Products

ImageMagick

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating