CVE-2026-31853

Опубликовано: 11 мар. 2026

Источник: nvd

CVSS3: 5.7

CVSS3: 5.5

EPSS Низкий

Описание

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, an overflow on 32-bit systems can cause a crash in the SFW decoder when processing extremely large images. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Ссылки

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-56jp-jfqg-f8f4
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

Версия до 6.9.13-41 (исключая)

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

Версия от 7.0.0-0 (включая) до 7.1.2-16 (исключая)

EPSS

Процентиль: 3%

0.00014

Низкий

5.7 Medium

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-122

Связанные уязвимости

CVE-2026-31853

CVSS3: 5.7

ubuntu

16 дней назад

CVE-2026-31853

CVSS3: 5.5

redhat

16 дней назад

A flaw was found in ImageMagick. An overflow on 32-bit systems in the SFW decoder can lead to a crash when processing extremely large images. This vulnerability could allow an attacker to cause a Denial of Service (DoS) by providing a specially crafted large image.

CVE-2026-31853

CVSS3: 5.7

debian

16 дней назад

ImageMagick is free and open-source software used for editing and mani ...

GHSA-56jp-jfqg-f8f4

CVSS3: 5.7

github

17 дней назад

ImageMagick is vulnerable to heap buffer over-write on 32-bit systems in SFW decoder

EPSS

Процентиль: 3%

0.00014

Низкий

5.7 Medium

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-122