CVE-2026-46692

MEDIUM

ImageMagick: Heap Buffer Over-Write in distributed pixel cache server

Title source: cna
STIX 2.1

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-write in the server process. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.

References (1)

Core 1
Core References

Scores

CVSS v3 4.1
EPSS 0.0013
EPSS Percentile 2.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-122
Status published
Products (3)
imagemagick/imagemagick < 6.9.13-48
ImageMagick/ImageMagick < 6.9.13-48
ImageMagick/ImageMagick < 7.1.2-23
Published Jun 10, 2026
Tracked Since Jun 11, 2026