Primary

Context

ImageMagick Heap Buffer Over-Read Vulnerability in Bilateral Blur Operation

Vulnerability

Patched

A heap buffer over-read vulnerability has been identified in ImageMagick versions prior to 7.1.2-16. The issue arises in the BilateralBlurImage function, where an incorrect conversion leads to an out-of-bounds read when processing crafted images with the '-bilateral-blur' operation. This vulnerability requires user interaction to exploit.

Impact

Exploitation of this vulnerability causes a heap buffer over-read, which can lead to memory corruption or disclosure of sensitive information.

Reproduction

The vulnerability can be reproduced by processing a crafted image with the '-bilateral-blur' operation in an affected version of ImageMagick. This will trigger the heap buffer over-read due to the incorrect conversion in the BilateralBlurImage function.

Remediation

Users can upgrade to ImageMagick version 7.1.2-16 or later to address this vulnerability.

Added: Mar 10, 2026, 7:56 AM

Updated: Mar 10, 2026, 7:56 AM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

0.6

exploitability

4.6

remediation

7.7

relevance

3.7

threat

1.6

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

0.6

exploitability

4.6

remediation

7.7

relevance

3.7

threat

1.6

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ImageMagick Heap Buffer Over-Read Vulnerability in Bilateral Blur Operation

Vulnerability

Impact

Reproduction

Remediation

Affected Products

ImageMagick

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating