CVE-2026-45664

EUVD-2026-36163
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, because of a missing check in the MNG coder, it was possible to read more images than the list limit policy would allow, resulting in excessive resource use. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 5.3 MEDIUM | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |

EPSS Score percentile: 12%

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 𝑥 < 6.9.13-47 |
| imagemagick | imagemagick | 7.0.0-0 ≤ 𝑥 < 7.1.2-22 |

𝑥 = Vulnerable software versions
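
Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| imagemagick | bookworm | | vulnerable |
| imagemagick | bookworm (security) | 8:6.9.11.60+dfsg-1.6+deb12u10 | fixed |
| imagemagick | bullseye | | vulnerable |
| imagemagick | bullseye (security) | 8:6.9.11.60+dfsg-1.3+deb11u13 | fixed |
| imagemagick | forky | 8:7.1.2.23+dfsg1-1 | fixed |
| imagemagick | sid | 8:7.1.2.24+dfsg1-1 | fixed |
| imagemagick | trixie | | vulnerable |
| imagemagick | trixie (security) | 8:7.1.1.43+dfsg1-1+deb13u9 | fixed |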

Amazon Linux Releases

| Amazon Package | Release | Version | Status |
|---|---|---|---|
| ImageMagick | Amazon Linux 2 | 0:6.9.10.97-1.amzn2.0.29 | fixed |
| ImageMagick-c++ | Amazon Linux 2 | 0:6.9.10.97-1.amzn2.0.29 | fixed |
| ImageMagick-c++-devel | Amazon Linux 2 | 0:6.9.10.97-1.amzn2.0.29 | fixed |
| ImageMagick-debuginfo | Amazon Linux 2 | 0:6.9.10.97-1.amzn2.0.29 | fixed |
| ImageMagick-devel | Amazon Linux 2 | 0:6.9.10.97-1.amzn2.0.29 | fixed |
| ImageMagick-doc | Amazon Linux 2 | 0:6.9.10.97-1.amzn2.0.29 | fixed |
| ImageMagick-perl | Amazon Linux 2 | 0:6.9.10.97-1.amzn2.0.29 | fixed |