Primary

Context

ImageMagick Heap Buffer Overflow Vulnerability in Wavelet Denoise Operation

Vulnerability

Patched

A heap buffer overflow vulnerability has been identified in ImageMagick versions prior to 7.1.2-16 and 6.9.13-41. The issue arises in the WaveletDenoiseImage method, where a crafted image can cause an out-of-bounds write in memory. This vulnerability is triggered when the -wavelet-denoise operation is applied to a specially crafted image.

Impact

Exploitation of this vulnerability leads to a heap buffer overflow, which can commonly result in arbitrary code execution or memory corruption.

Reproduction

The vulnerability can be reproduced by processing a crafted image with the -wavelet-denoise operation in an affected version of ImageMagick. This will trigger the out-of-bounds heap write in the WaveletDenoiseImage method.

Remediation

Users can upgrade to ImageMagick versions 7.1.2-16 or 6.9.13-41 to address this vulnerability.

Added: Mar 10, 2026, 7:54 AM

Updated: Mar 10, 2026, 7:54 AM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

2.5

exploitability

4.6

remediation

7.7

relevance

4.1

threat

1.6

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

2.5

exploitability

4.6

remediation

7.7

relevance

4.1

threat

1.6

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ImageMagick Heap Buffer Overflow Vulnerability in Wavelet Denoise Operation

Vulnerability

Impact

Reproduction

Remediation

Affected Products

ImageMagick

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating