Primary

Context

ImageMagick Heap Buffer Overflow Vulnerability in JXL Encoder Allowing Memory Corruption

Vulnerability

Patched

A heap buffer overflow vulnerability has been identified in the ImageMagick JXL encoder, in versions prior to 7.1.2-19. The issue arises when an image is encoded as 16-bit floats, leading to a heap write overflow. This vulnerability can cause memory corruption, with potential exploitation scenarios including arbitrary code execution or application crashes.

Impact

Exploitation of this vulnerability leads to a heap buffer overflow, causing a write of a single zero byte when encoding JXL images as 16-bit floats. This type of memory corruption can often be exploited to execute arbitrary code or cause a denial-of-service condition by crashing the application.

Remediation

Users can upgrade to ImageMagick version 7.1.2-19 or later to address this vulnerability.

Added: Apr 13, 2026, 10:33 PM

Updated: Apr 13, 2026, 10:33 PM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

0.6

exploitability

4.7

remediation

7.7

relevance

5.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

0.6

exploitability

4.7

remediation

7.7

relevance

5.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ImageMagick Heap Buffer Overflow Vulnerability in JXL Encoder Allowing Memory Corruption

Vulnerability

Impact

Remediation

Affected Products

ImageMagick

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating