ImageMagick Information Disclosure Vulnerability via Identify Command

Vulnerability

An information disclosure vulnerability exists in ImageMagick versions prior to 7.1.2-26 and 6.9.13-51. When the identify command is used to display a profile with non-printable values, a single byte can be read past the profile boundary. This issue arises with debug output enabled.

Impact

Exploitation of this vulnerability allows for out-of-bounds reading, potentially leading to information disclosure.

Added: Jul 15, 2026, 12:29 PM
Updated: Jul 15, 2026, 12:29 PM

Vulnerability Rating

Custom Algorithm
spread
7.8
impact
0.6
exploitability
3.3
remediation
7.7
relevance
9.8
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.