CVE-2026-40169

MEDIUM

ImageMagick: Heap buffer overflow (WRITE) in the YAML and JSON encoders

Title source: cna

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out of bounds heap write when writing a yaml or json output, resulting in a crash. This issue has been fixed in version 7.1.2-19.

References (4)

Scores

CVSS v3 6.2
EPSS 0.0001
EPSS Percentile 0.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-122 CWE-787
Status published
Products (19)
imagemagick/imagemagick < 7.1.2-19
ImageMagick/ImageMagick < 7.1.2-19
nuget/Magick.NET-Q16-AnyCPU 0 - 14.12.0NuGet
nuget/Magick.NET-Q16-arm64 0 - 14.12.0NuGet
nuget/Magick.NET-Q16-HDRI-AnyCPU 0 - 14.12.0NuGet
nuget/Magick.NET-Q16-HDRI-arm64 0 - 14.12.0NuGet
nuget/Magick.NET-Q16-HDRI-OpenMP-arm64 0 - 14.12.0NuGet
nuget/Magick.NET-Q16-HDRI-x64 0 - 14.12.0NuGet
nuget/Magick.NET-Q16-HDRI-x86 0 - 14.12.0NuGet
nuget/Magick.NET-Q16-OpenMP-arm64 0 - 14.12.0NuGet
... and 9 more
Published Apr 13, 2026
Tracked Since Apr 14, 2026