Volerion logoVolerion
Volerion logoVolerion

ImageMagick Stack Buffer Overflow Vulnerability in MNG Encoder

Vulnerability

A stack buffer overflow vulnerability has been identified in the ImageMagick MNG encoder, present in versions prior to 7.1.2-16 and 6.9.13-41. The vulnerability arises from missing bounds checks, allowing attacker-controlled data to corrupt the stack. This issue has been addressed in the patched versions 7.1.2-16 and 6.9.13-41.

Impact

Exploitation of this vulnerability leads to a stack buffer overflow, allowing for potential arbitrary code execution.

Reproduction

The vulnerability can be reproduced by processing a specially crafted MNG file with an affected version of ImageMagick. The missing bounds checks in the MNG encoder will allow the crafted file to overwrite the stack with attacker-controlled data, triggering the buffer overflow.

Remediation

Users can upgrade to ImageMagick versions 7.1.2-16 or 6.9.13-41 to address this vulnerability.

Added: Mar 10, 2026, 7:47 AM
Updated: Mar 10, 2026, 7:47 AM

Vulnerability Rating

Custom Algorithm
spread
7.8
impact
5.6
exploitability
3.6
remediation
7.7
relevance
3.7
threat
1.6
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.