ImageMagick Heap Buffer Overflow Vulnerability in XWD Encoder Allowing Out-of-Bounds Write

Vulnerability

A heap buffer overflow vulnerability has been identified in ImageMagick versions prior to 7.1.2-16 and 6.9.13-41. This issue arises from a 32-bit unsigned integer overflow in the XWD (X Windows) encoder, leading to an undersized heap buffer allocation. When processing extremely large images, this vulnerability can be exploited to perform an out-of-bounds write on the heap.
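As an added example (not ImageMagick's code; the header struct, field names and function names are assumptions), the size computation pattern behind the bug class the advisory describes, beside the overflow-checked form that prevents the undersized allocation:

```c
/* Illustration of the bug class: dimensions multiplied in a 32-bit
 * unsigned type wrap silently, so the heap buffer comes out too small
 * and later pixel writes run past its end. Hypothetical names; not
 * ImageMagick's code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed header layout: width, height and bytes per pixel as 32-bit. */
typedef struct {
    uint32_t width;
    uint32_t height;
    uint32_t bytes_per_pixel;
} dump_header;

/* Unsafe pattern: the product is evaluated in uint32_t and wraps,
 * e.g. 0x10000 * 0x10000 * 4 becomes 0. */
uint32_t unsafe_buffer_size(const dump_header *h)
{
    return h->width * h->height * h->bytes_per_pixel;
}

/* Portable overflow-checked multiply in size_t. */
static bool mul_size(size_t a, size_t b, size_t *out)
{
    if (b != 0 && a > SIZE_MAX / b)
        return false;
    *out = a * b;
    return true;
}

/* Hardened pattern: compute in size_t and reject any wrap-around.
 * Returns false and sets *out to 0 when the size cannot be represented. */
bool checked_buffer_size(const dump_header *h, size_t *out)
{
    size_t row;
    *out = 0;
    if (!mul_size((size_t)h->width, (size_t)h->bytes_per_pixel, &row))
        return false;
    return mul_size(row, (size_t)h->height, out);
}

/* Allocate the pixel buffer only when the size is overflow-free. */
unsigned char *alloc_pixels(const dump_header *h)
{
    size_t size;
    if (!checked_buffer_size(h, &size) || size == 0)
        return NULL;
    return malloc(size);
}
```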

Impact

Exploitation of this vulnerability leads to a heap buffer overflow, which can commonly be exploited to execute arbitrary code.

Remediation

Users can upgrade to ImageMagick versions 7.1.2-16 or 6.9.13-41 to address this vulnerability.

Added: Mar 10, 2026, 7:55 AM
Updated: Mar 10, 2026, 7:55 AM

Vulnerability Rating

Custom Algorithm

  spread          7.8
  impact          3.1
  exploitability  3.3
  remediation     7.7
  relevance       3.7
  threat          0.0
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.