ImageMagick Heap Overflow Vulnerability in PNG Encoder Due to Large Image Profiles

Vulnerability

A heap overflow vulnerability has been identified in ImageMagick versions prior to 7.1.2-16 and 6.9.13-41. The issue arises when the software processes extremely large image profiles while encoding PNG images. It is fixed in versions 7.1.2-16 and 6.9.13-41.
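A version check against the two fixed releases named above, as an added example that is not part of the original advisory. It assumes the banner format printed by `magick -version` / `convert -version`; the sample banners are constructed. Distribution packages may backport the fix without changing the upstream version number, so a positive result is a prompt to check the vendor changelog.

```python
import re

# Fixed releases named in the advisory, keyed by major version.
FIXED = {7: (7, 1, 2, 16), 6: (6, 9, 13, 41)}

# Matches the upstream version token, e.g. "ImageMagick 7.1.1-43".
VERSION_RE = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)-(\d+)")

# Constructed sample banners (not taken from real hosts).
SAMPLES = [
    "Version: ImageMagick 7.1.2-9 Q16-HDRI x86_64 https://imagemagick.org",
    "Version: ImageMagick 7.1.2-16 Q16-HDRI x86_64 https://imagemagick.org",
    "Version: ImageMagick 6.9.13-40 Q16 x86_64 https://legacy.imagemagick.org",
]

def parse_version(text):
    """Return (major, minor, micro, patch) from a version banner."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError("no ImageMagick version string found")
    return tuple(int(g) for g in m.groups())

def is_affected(text):
    """True if the reported version predates the fix for its release line."""
    version = parse_version(text)
    fixed = FIXED.get(version[0])
    if fixed is None:
        # Assumption: majors below 6 count as "prior to" the fixed releases;
        # majors above 7 are outside the advisory's stated range.
        return version[0] < 6
    # Integer tuple comparison, so 7.1.2-9 sorts before 7.1.2-16.
    return version < fixed

if __name__ == "__main__":
    import shutil
    import subprocess
    for line in SAMPLES:
        print(parse_version(line), "affected" if is_affected(line) else "fixed")
    # Check the local install, if one is on PATH.
    tool = shutil.which("magick") or shutil.which("convert")
    if tool:
        out = subprocess.run([tool, "-version"], capture_output=True, text=True).stdout
        try:
            print(tool, "affected" if is_affected(out) else "fixed")
        except ValueError as exc:
            print(tool, "unrecognized banner:", exc)
```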

Impact

Exploitation of this vulnerability leads to a heap buffer overwrite, a condition that can commonly be used to execute arbitrary code.

Added: Mar 10, 2026, 7:57 AM
Updated: Mar 10, 2026, 7:57 AM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 3.1
exploitability: 3.3
remediation: 7.7
relevance: 3.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.