Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2026-28688

Опубликовано: 10 мар. 2026
Источник: debian
EPSS Низкий

Описание

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap-use-after-free vulnerability exists in the MSL encoder, where a cloned image is destroyed twice. The MSL coder does not support writing MSL so the write capability has been removed. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
imagemagickfixed8:7.1.2.16+dfsg1-1package

Примечания

  • https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xxw5-m53x-j38c

  • Fixed by: https://github.com/ImageMagick/ImageMagick/commit/40cfaa7b38729eb6a2808c9b94d6baa2fae6219b (7.1.2-14)

  • Fixed by: https://github.com/ImageMagick/ImageMagick/commit/e2d5b4ff0fb6abf2370af4b3dc483934b4dd63ff (7.1.2-14)

EPSS

Процентиль: 13%
0.00042
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2026-28688

CVSS3: 4
ubuntu
16 дней назад

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap-use-after-free vulnerability exists in the MSL encoder, where a cloned image is destroyed twice. The MSL coder does not support writing MSL so the write capability has been removed. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

redhat логотип

CVE-2026-28688

CVSS3: 5.5
redhat
16 дней назад

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap-use-after-free vulnerability exists in the MSL encoder, where a cloned image is destroyed twice. The MSL coder does not support writing MSL so the write capability has been removed. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

nvd логотип

CVE-2026-28688

CVSS3: 4
nvd
16 дней назад

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap-use-after-free vulnerability exists in the MSL encoder, where a cloned image is destroyed twice. The MSL coder does not support writing MSL so the write capability has been removed. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

github логотип

GHSA-xxw5-m53x-j38c

CVSS3: 4
github
13 дней назад

ImageMagick has heap use-after-free in the MSL encoder

EPSS

Процентиль: 13%
0.00042
Низкий