Fluid Attacks Database

Description

ImageMagick is vulnerable to Heap Overflow when writing extremely large image profile in the PNG encoder An extremely large image profile could result in a heap overflow when encoding a PNG image.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
nuget	magick.net-q16-hdri-x64	>=0 <14.10.4	14.10.4
debian 14	imagemagick	=8:7.1.1.43+dfsg1-1 \|\| =8:7.1.1.46+dfsg1-1 \|\| =8:7.1.1.47+dfsg1-1 \|\| =8:7.1.1.47+dfsg1-2 \|\| =8:7.1.2.1+dfsg1-1 \|\| =8:7.1.2.12+dfsg1-1 \|\| =8:7.1.2.13+dfsg1-1 \|\| =8:7.1.2.15+dfsg1-1 \|\| =8:7.1.2.15+dfsg1-2 \|\| =8:7.1.2.3+dfsg1-1 \|\| =8:7.1.2.7+dfsg1-1 \|\| =8:7.1.2.8+dfsg1-1 \|\| >=0 <8:7.1.2.16+dfsg1-1	8:7.1.2.16+dfsg1-1
nuget	magick.net-q16-hdri-anycpu	>=0 <14.10.4	14.10.4
nuget	magick.net-q16-hdri-x86	>=0 <14.10.4	14.10.4
nuget	magick.net-q16-openmp-x64	>=0 <14.10.4	14.10.4
nuget	magick.net-q8-x86	>=0 <14.10.4	14.10.4
nuget	magick.net-q16-x64	>=0 <14.10.4	14.10.4
debian 11	imagemagick	=8:6.9.11.60+dfsg-1.3 \|\| =8:6.9.11.60+dfsg-1.3+deb11u1 \|\| =8:6.9.11.60+dfsg-1.3+deb11u10 \|\| =8:6.9.11.60+dfsg-1.3+deb11u2 \|\| =8:6.9.11.60+dfsg-1.3+deb11u3 \|\| =8:6.9.11.60+dfsg-1.3+deb11u4 \|\| =8:6.9.11.60+dfsg-1.3+deb11u5 \|\| =8:6.9.11.60+dfsg-1.3+deb11u6 \|\| =8:6.9.11.60+dfsg-1.3+deb11u7 \|\| =8:6.9.11.60+dfsg-1.3+deb11u8 \|\| =8:6.9.11.60+dfsg-1.3+deb11u9 \|\| >=0 <8:6.9.11.60+dfsg-1.3+deb11u11	8:6.9.11.60+dfsg-1.3+deb11u11
nuget	magick.net-q16-openmp-arm64	>=0 <14.10.4	14.10.4
nuget	magick.net-q16-openmp-x86	>=0 <14.10.4	14.10.4

1-10 of 25

Aliases

1. CVE-2026-308832. NVD-2026-308833. OSV-2026-308834. OSV-DEBIAN-2026-308835. GHSA-qmw5-2p58-xvrc6. GCVE-2026-308837. SECURITY-TRACKER-CVE-2026-30883

References

1. https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qmw5-2p58-xvrc2. https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4