CVE Catalog

CVE-2026-53466

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

12th percentile — higher than 12% of all known CVEs

Summary

In ImageMagick prior to versions 6.9.13-51 and 7.1.2-26, an integer overflow in the XCF decoder can result in an out-of-bounds read when a crafted image is processed, potentially causing a crash.

Risk Assessment

The risk involves potential disruption of image processing services, which could lead to denial of service (DoS) if the vulnerability is deliberately exploited by an attacker.

Recommendation

Immediately update ImageMagick to versions 6.9.13-51 or 7.1.2-26, which contain the fix for this vulnerability.

Original NVD description (English source)

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, an integer overflow in the XCF decoder can result in an out of bounds read when a crafted image is read, potentially resulting in a crash. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS