logo

Database

Out-of-bounds read In magick.net-q8-arm64

Description

ImageMagick releases an invalid pointer in BilateralBlur when memory allocation fails The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But the last element in the set is not properly initialized. This will result in a release of an invalid pointer inside DestroyBilateralTLS when the memory allocation fails.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

1-10 of 23

10

Aliases

1. CVE-2026-227702. NVD-2026-227703. OSV-2026-227704. OSV-DEBIAN-2026-227705. GHSA-39h3-g67r-7g3c6. GCVE-2026-227707. SECURITY-TRACKER-CVE-2026-22770

References

1. https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-39h3-g67r-7g3c2. https://github.com/ImageMagick/ImageMagick/commit/3e0330721020e0c5bb52e4b77c347527dd71658e3. https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.