Volerion logoVolerion
Volerion logoVolerion

ImageMagick Heap Buffer Overflow Vulnerability in YUV Decoder Allowing Memory Corruption

Vulnerability

A heap buffer overflow vulnerability has been identified in ImageMagick versions prior to 7.1.2-15 and 6.9.13-40. The issue arises in the YUV 4:2:2 (NoInterlace) image processing within the ReadYUVImage() function in coders/yuv.c. The vulnerability allows for a write operation that exceeds the allocated buffer size, potentially leading to memory corruption.

Impact

Exploitation of this vulnerability causes a heap buffer overflow, which can commonly lead to memory corruption and possibly arbitrary code execution.

Reproduction

The vulnerability can be reproduced by processing a malicious YUV 4:2:2 (NoInterlace) image with an affected version of ImageMagick. The image should be crafted to exploit the pixel-pair loop in the YUV decoder, causing it to write beyond the allocated row buffer.

Remediation

Users should upgrade to ImageMagick versions 7.1.2-15 or 6.9.13-40, where this vulnerability has been patched.

Added: Feb 24, 2026, 2:31 AM
Updated: Feb 24, 2026, 2:31 AM

Vulnerability Rating

Custom Algorithm
spread
7.8
impact
0.6
exploitability
4.4
remediation
7.7
relevance
3.1
threat
1.6
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.