CVE-2026-53466
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk12th percentile — higher than 12% of all known CVEs
Summary
In ImageMagick prior to versions 6.9.13-51 and 7.1.2-26, an integer overflow in the XCF decoder can result in an out-of-bounds read when a crafted image is processed, potentially causing a crash.
Risk Assessment
The risk involves potential disruption of image processing services, which could lead to denial of service (DoS) if the vulnerability is deliberately exploited by an attacker.
Recommendation
Immediately update ImageMagick to versions 6.9.13-51 or 7.1.2-26, which contain the fix for this vulnerability.
Original NVD description (English source)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, an integer overflow in the XCF decoder can result in an out of bounds read when a crafted image is read, potentially resulting in a crash. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.

