logo

Database

Out-of-bounds read In magick.net-q16-anycpu

Description

ImageMagick has a heap buffer over-read via 32-bit integer overflow in MAT decoder In MAT decoder uses 32-bit arithmetic due to incorrect parenthesization resulting in a heap over-read.

=================================================================
==969652==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x506000003b40 at pc 0x555557b2a926 bp 0x7fffffff4c80 sp 0x7fffffff4c70
READ of size 8 at 0x506000003b40 thread T0

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

1-10 of 25

10

Aliases

1. CVE-2026-286922. NVD-2026-286923. OSV-2026-286924. OSV-DEBIAN-2026-286925. GHSA-mrmj-x24c-wwcv6. GCVE-2026-286927. SECURITY-TRACKER-CVE-2026-28692

References

1. https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mrmj-x24c-wwcv2. https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.