Primary

Context

ImageMagick Heap Overflow Vulnerability in VIFF Encoder on 32-Bit Builds

Vulnerability

Patched

A heap overflow vulnerability has been identified in ImageMagick versions prior to 7.1.2-19 and 6.9.13-44. The issue arises in the VIFF encoder on 32-bit builds, where an integer truncation and wraparound problem could lead to an out-of-bounds write in the heap, potentially causing a crash.

Impact

Exploitation of this vulnerability causes a heap-based buffer overflow, leading to a crash of the application.

Remediation

Users can upgrade to ImageMagick versions 7.1.2-19 or 6.9.13-44 to address this vulnerability.

Added: Apr 13, 2026, 9:29 PM

Updated: Apr 13, 2026, 9:29 PM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

3.1

exploitability

5.0

remediation

7.7

relevance

5.8

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

3.1

exploitability

5.0

remediation

7.7

relevance

5.8

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ImageMagick Heap Overflow Vulnerability in VIFF Encoder on 32-Bit Builds

Vulnerability

Impact

Remediation

Affected Products

ImageMagick

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating