Fluid Attacks Database

Description

ImageMagick has stack buffer overflow in MagnifyImage MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	imagemagick	=8:7.1.1.43+dfsg1-1 \|\| =8:7.1.1.43+dfsg1-1+deb13u1 \|\| =8:7.1.1.43+dfsg1-1+deb13u2 \|\| =8:7.1.1.43+dfsg1-1+deb13u3 \|\| =8:7.1.1.43+dfsg1-1+deb13u4 \|\| =8:7.1.1.43+dfsg1-1+deb13u5 \|\| =8:7.1.1.43+dfsg1-1+deb13u6 \|\| >=0 <8:7.1.1.43+dfsg1-1+deb13u7	8:7.1.1.43+dfsg1-1+deb13u7
debian 14	imagemagick	=8:7.1.1.43+dfsg1-1 \|\| =8:7.1.1.46+dfsg1-1 \|\| =8:7.1.1.47+dfsg1-1 \|\| =8:7.1.1.47+dfsg1-2 \|\| =8:7.1.2.1+dfsg1-1 \|\| =8:7.1.2.12+dfsg1-1 \|\| =8:7.1.2.13+dfsg1-1 \|\| =8:7.1.2.15+dfsg1-1 \|\| =8:7.1.2.15+dfsg1-2 \|\| =8:7.1.2.3+dfsg1-1 \|\| =8:7.1.2.7+dfsg1-1 \|\| =8:7.1.2.8+dfsg1-1 \|\| >=0 <8:7.1.2.16+dfsg1-1	8:7.1.2.16+dfsg1-1
nuget	magick.net-q16-hdri-anycpu	>=0 <14.10.4	14.10.4
nuget	magick.net-q16-hdri-arm64	>=0 <14.10.4	14.10.4
nuget	magick.net-q16-openmp-x86	>=0 <14.10.4	14.10.4
nuget	magick.net-q16-openmp-x64	>=0 <14.10.4	14.10.4
nuget	magick.net-q8-arm64	>=0 <14.10.4	14.10.4
nuget	magick.net-q16-hdri-openmp-arm64	>=0 <14.10.4	14.10.4
nuget	magick.net-q16-x86	>=0 <14.10.4	14.10.4
nuget	magick.net-q16-x64	>=0 <14.10.4	14.10.4

1-10 of 21

Aliases

1. CVE-2026-309292. NVD-2026-309293. OSV-DEBIAN-2026-309294. OSV-2026-309295. GHSA-rqq8-jh93-f4vg6. GCVE-2026-309297. SECURITY-TRACKER-CVE-2026-30929

References

1. https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rqq8-jh93-f4vg2. https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4