CVE-2026-53463

EUVD-2026-36190
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when passing incorrect arguments in the distort operation a null pointer deference will occur. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Affected Products (NVD)
VendorProductVersion
imagemagickimagemagick
𝑥
< 6.9.13-50
imagemagickimagemagick
7.0.0-0 ≤
𝑥
< 7.1.2-25
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
imagemagick
bookworm
vulnerable
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
vulnerable
sid
vulnerable
trixie
vulnerable
trixie (security)
vulnerable
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p9rq-q46c-g4x6