Fluid Attacks Database

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, an out-of-bounds write of a zero byte exists in the X11 display interaction path that could lead to a crash. Versions 7.1.2-18 and 6.9.13-43 patch the issue.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel7	ImageMagick	-	-
nuget	magick.net-q8-openmp-arm64	>=0 <14.11.1	14.11.1
debian 13	imagemagick	=8:7.1.1.43+dfsg1-1 \|\| =8:7.1.1.43+dfsg1-1+deb13u1 \|\| =8:7.1.1.43+dfsg1-1+deb13u2 \|\| =8:7.1.1.43+dfsg1-1+deb13u3 \|\| =8:7.1.1.43+dfsg1-1+deb13u4 \|\| =8:7.1.1.43+dfsg1-1+deb13u5 \|\| =8:7.1.1.43+dfsg1-1+deb13u6 \|\| =8:7.1.1.43+dfsg1-1+deb13u7 \|\| >=0 <8:7.1.1.43+dfsg1-1+deb13u8	8:7.1.1.43+dfsg1-1+deb13u8
rpm rhel6	ImageMagick	-	-
nuget	magick.net-q16-x86	>=0 <14.11.1	14.11.1
nuget	magick.net-q8-openmp-x64	>=0 <14.11.1	14.11.1
nuget	magick.net-q16-openmp-x86	>=0 <14.11.1	14.11.1
nuget	magick.net-q16-hdri-anycpu	>=0 <14.11.1	14.11.1
nuget	magick.net-q16-hdri-x64	>=0 <14.11.1	14.11.1
nuget	magick.net-q8-anycpu	>=0 <14.11.1	14.11.1

1-10 of 24

Aliases

1. CVE-2026-335352. NVD-2026-335353. OSV-2026-335354. OSV-DEBIAN-2026-335355. GHSA-mw3m-pqr2-qv7c6. GCVE-2026-335357. SECURITY-TRACKER-CVE-2026-33535

References

1. https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mw3m-pqr2-qv7c