Fluid Attacks Database

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in the display tool and right-clicks a tile to invoke the Load / Update menu item. This vulnerability is fixed in 7.1.2-21 and 6.9.13-46.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	imagemagick	=8:6.9.11.60+dfsg-1.6 \|\| =8:6.9.11.60+dfsg-1.6+deb12u1 \|\| =8:6.9.11.60+dfsg-1.6+deb12u2 \|\| =8:6.9.11.60+dfsg-1.6+deb12u3 \|\| =8:6.9.11.60+dfsg-1.6+deb12u4 \|\| =8:6.9.11.60+dfsg-1.6+deb12u5 \|\| =8:6.9.11.60+dfsg-1.6+deb12u6 \|\| =8:6.9.11.60+dfsg-1.6+deb12u7 \|\| =8:6.9.11.60+dfsg-1.6+deb12u8 \|\| =8:6.9.11.60+dfsg-1.6+deb12u9 \|\| >=0 <8:6.9.11.60+dfsg-1.6+deb12u10	8:6.9.11.60+dfsg-1.6+deb12u10
debian 14	imagemagick	=8:7.1.1.43+dfsg1-1 \|\| =8:7.1.1.46+dfsg1-1 \|\| =8:7.1.1.47+dfsg1-1 \|\| =8:7.1.1.47+dfsg1-2 \|\| =8:7.1.2.1+dfsg1-1 \|\| =8:7.1.2.12+dfsg1-1 \|\| =8:7.1.2.13+dfsg1-1 \|\| =8:7.1.2.15+dfsg1-1 \|\| =8:7.1.2.15+dfsg1-2 \|\| =8:7.1.2.16+dfsg1-1 \|\| =8:7.1.2.18+dfsg1-1 \|\| =8:7.1.2.19+dfsg1-1 \|\| =8:7.1.2.3+dfsg1-1 \|\| =8:7.1.2.7+dfsg1-1 \|\| =8:7.1.2.8+dfsg1-1 \|\| >=0 <8:7.1.2.21+dfsg1-1	8:7.1.2.21+dfsg1-1
debian 13	imagemagick	=8:7.1.1.43+dfsg1-1 \|\| =8:7.1.1.43+dfsg1-1+deb13u1 \|\| =8:7.1.1.43+dfsg1-1+deb13u2 \|\| =8:7.1.1.43+dfsg1-1+deb13u3 \|\| =8:7.1.1.43+dfsg1-1+deb13u4 \|\| =8:7.1.1.43+dfsg1-1+deb13u5 \|\| =8:7.1.1.43+dfsg1-1+deb13u6 \|\| =8:7.1.1.43+dfsg1-1+deb13u7 \|\| =8:7.1.1.43+dfsg1-1+deb13u8 \|\| >=0 <8:7.1.1.43+dfsg1-1+deb13u9	8:7.1.1.43+dfsg1-1+deb13u9
debian 11	imagemagick	=8:6.9.11.60+dfsg-1.3 \|\| =8:6.9.11.60+dfsg-1.3+deb11u1 \|\| =8:6.9.11.60+dfsg-1.3+deb11u10 \|\| =8:6.9.11.60+dfsg-1.3+deb11u11 \|\| =8:6.9.11.60+dfsg-1.3+deb11u12 \|\| =8:6.9.11.60+dfsg-1.3+deb11u2 \|\| =8:6.9.11.60+dfsg-1.3+deb11u3 \|\| =8:6.9.11.60+dfsg-1.3+deb11u4 \|\| =8:6.9.11.60+dfsg-1.3+deb11u5 \|\| =8:6.9.11.60+dfsg-1.3+deb11u6 \|\| =8:6.9.11.60+dfsg-1.3+deb11u7 \|\| =8:6.9.11.60+dfsg-1.3+deb11u8 \|\| =8:6.9.11.60+dfsg-1.3+deb11u9 \|\| >=0 <8:6.9.11.60+dfsg-1.3+deb11u13	8:6.9.11.60+dfsg-1.3+deb11u13
rpm rhel6	ImageMagick	-	-
rpm rhel7	ImageMagick	-	-

Aliases

1. CVE-2026-420502. NVD-2026-420503. OSV-DEBIAN-2026-420504. OSV-2026-420505. SECURITY-TRACKER-CVE-2026-42050

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.