logo

Database

Out-of-bounds read In magick.net-q8-arm64

Description

ImageMagick has Possible Heap Information Disclosure in PSD ZIP Decompression

Description

A heap information disclosure vulnerability exists in ImageMagick's PSD (Adobe Photoshop) format handler. When processing a maliciously crafted PSD file containing ZIP-compressed layer data that decompresses to less than the expected size, uninitialized heap memory is leaked into the output image.

Expected Impact

Information disclosure leading to potential exposure of sensitive data from server memory.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

1-10 of 21

10

Aliases

1. CVE-2026-244812. NVD-2026-244813. OSV-2026-244814. OSV-DEBIAN-2026-244815. GHSA-96pc-27rx-pr366. GCVE-2026-244817. SECURITY-TRACKER-CVE-2026-24481

References

1. https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-96pc-27rx-pr362. https://github.com/ImageMagick/ImageMagick/commit/51c9d33f4770cdcfa1a029199375d570af801c973. https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.

FLAT-I8NME – Vulnerability | Fluid Attacks Database