logo

Database

Out-of-bounds read In imagemagick

Description

ImageMagick has Heap Use-After-Free in ImageMagick MSL decoder A heap use-after-free vulnerability in ImageMagick's MSL decoder allows an attacker to trigger access to freed memory by crafting an MSL file.

=================================================================
==1500633==ERROR: AddressSanitizer: heap-use-after-free on address 0x527000011550 at pc 0x5612583fa212 bp 0x7ffedb86d160 sp 0x7ffedb86d150
READ of size 8 at 0x527000011550 thread T0

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

1-10 of 25

10

Aliases

1. CVE-2026-286872. NVD-2026-286873. OSV-DEBIAN-2026-286874. OSV-2026-286875. GHSA-fpvf-frm6-625q6. GCVE-2026-286877. SECURITY-TRACKER-CVE-2026-28687

References

1. https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fpvf-frm6-625q2. https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.