Primary

Context

ImageMagick Heap Buffer Overflow Vulnerability in YAML and JSON Encoders

Vulnerability

Patched

A heap buffer overflow vulnerability has been identified in ImageMagick versions prior to 7.1.2-19. This vulnerability occurs in the YAML and JSON output encoders, where a crafted image can cause an out-of-bounds heap write, leading to a crash.

Impact

Exploitation of this vulnerability causes a heap buffer overflow write, which can lead to memory corruption and potentially allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by using ImageMagick to process a crafted image that is designed to exploit the YAML or JSON output encoding. This can be done by using the 'magick' command-line tool or through a programming interface that uses ImageMagick, such as Magick.NET. The crafted image should be prepared to trigger the out-of-bounds write when the YAML or JSON output is generated.

Remediation

Users can upgrade to ImageMagick version 7.1.2-19 or later to address this vulnerability.

Added: Apr 13, 2026, 10:34 PM

Updated: Apr 13, 2026, 10:34 PM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

1.3

exploitability

4.3

remediation

7.7

relevance

5.8

threat

4.8

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

1.3

exploitability

4.3

remediation

7.7

relevance

5.8

threat

4.8

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ImageMagick Heap Buffer Overflow Vulnerability in YAML and JSON Encoders

Vulnerability

Impact

Reproduction

Remediation

Affected Products

ImageMagick

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating