Volerion logoVolerion
Volerion logoVolerion

ImageMagick Stack-Buffer Overflow Vulnerability in Filename Interpretation Allowing Out-of-Bounds Write

Vulnerability

A stack-buffer overflow vulnerability has been identified in ImageMagick versions prior to 7.1.2-18 and 6.9.13-43. The issue arises from an incorrect return value on certain platforms, which causes a pointer to be incremented past the end of a stack buffer, leading to an out-of-bounds write. This vulnerability has been assigned a moderate severity rating.

Impact

Exploitation of this vulnerability causes a stack-buffer overflow, allowing for an out-of-bounds write. Such memory corruption can often be exploited to execute arbitrary code or cause a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by using ImageMagick to process an image file that triggers the buffer overflow in the 'InterpretImageFilename' function. This can be done by crafting an image file that exploits the incorrect return value, causing the pointer to overwrite memory beyond the intended buffer.

Remediation

Users can upgrade to ImageMagick versions 7.1.2-18 or 6.9.13-43 to address this vulnerability.

Added: Mar 26, 2026, 8:20 PM
Updated: Mar 26, 2026, 8:20 PM

Vulnerability Rating

Custom Algorithm
spread
7.8
impact
2.7
exploitability
3.2
remediation
7.7
relevance
4.7
threat
1.6
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.