CVE-2026-22770

MEDIUM

ImageMagick <7.1.2-13 - Memory Corruption

Title source: llm

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the last element in the set is not properly initialized. This will result in a release of an invalid pointer inside DestroyBilateralTLS when the memory allocation fails. Version 7.1.2-13 contains a patch for the issue.

References (2)

[Vendor Advisory] https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-39h3-g67r-7g3c

[Patch] https://github.com/ImageMagick/ImageMagick/commit/3e0330721020e0c5bb52e4b77c347527dd71658e

View Patch ZIP pw:eip

Scores

CVSS v3 6.5

EPSS 0.0007

EPSS Percentile 20.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-763

Status published

Products (20)

imagemagick/imagemagick < 7.1.2-13

nuget/Magick.NET-Q16-AnyCPU 0 - 14.10.2NuGet

nuget/Magick.NET-Q16-arm64 0 - 14.10.2NuGet

nuget/Magick.NET-Q16-HDRI-AnyCPU 0 - 14.10.2NuGet

nuget/Magick.NET-Q16-HDRI-arm64 0 - 14.10.2NuGet

nuget/Magick.NET-Q16-HDRI-OpenMP-arm64 0 - 14.10.2NuGet

nuget/Magick.NET-Q16-HDRI-OpenMP-x64 0 - 14.10.2NuGet

nuget/Magick.NET-Q16-HDRI-x64 0 - 14.10.2NuGet

nuget/Magick.NET-Q16-HDRI-x86 0 - 14.10.2NuGet

nuget/Magick.NET-Q16-OpenMP-arm64 0 - 14.10.2NuGet

... and 10 more

Published Jan 20, 2026

Tracked Since Feb 18, 2026