CVE-2026-32259

MEDIUM

ImageMagick <7.1.2-16/6.9.13-41 - Memory Corruption

Title source: llm

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, when a memory allocation fails in the sixel encoder it would be possible to write past the end of a buffer on the stack. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

References (1)

[Vendor Advisory] https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-49hx-7656-jpg3

Scores

CVSS v3 6.7

EPSS 0.0002

EPSS Percentile 4.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Details

CWE

CWE-121

Status published

Products (1)

imagemagick/imagemagick < 6.9.13-41

Published Mar 12, 2026

Tracked Since Mar 13, 2026