exploitDog

CVE-2026-28493

Published: 09 Mar 2026
Source: redhat
CVSS3: 6.5

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-16, an integer overflow vulnerability exists in the SIXEL decoder. The vulnerability allows an attacker to perform an out-of-bounds write via a specially crafted image. This vulnerability is fixed in 7.1.2-16.

A flaw was found in ImageMagick. An integer overflow vulnerability exists in the SIXEL decoder, which allows a remote attacker to perform an out-of-bounds write via a specially crafted image. This can lead to a Denial of Service (DoS) and potentially information disclosure.

Report

This MODERATE impact vulnerability affects ImageMagick in Red Hat Enterprise Linux and Community Projects. An integer overflow in the SIXEL decoder can lead to an out-of-bounds write when processing a specially crafted image, potentially resulting in a denial of service or other undefined behavior.

Mitigation

To mitigate this issue, avoid processing untrusted SIXEL image files with ImageMagick. If ImageMagick must process untrusted content, consider running it within a sandboxed environment to limit potential impact.

Affected packages

Platform | Package | State | Recommendation | Release
Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | |
Red Hat Enterprise Linux 7 | ImageMagick | Out of support scope | |

Additional information

Status: Moderate
Defect: CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=2445883 ImageMagick: ImageMagick: Denial of Service and information disclosure via integer overflow in SIXEL decoder

CVSS3: 6.5 Medium

Related vulnerabilities

CVSS3: 6.5
ubuntu
17 days ago

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-16, an integer overflow vulnerability exists in the SIXEL decoder. The vulnerability allows an attacker to perform an out-of-bounds write via a specially crafted image. This vulnerability is fixed in 7.1.2-16.

CVSS3: 6.5
nvd
17 days ago

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-16, an integer overflow vulnerability exists in the SIXEL decoder. The vulnerability allows an attacker to perform an out-of-bounds write via a specially crafted image. This vulnerability is fixed in 7.1.2-16.

CVSS3: 6.5
debian
17 days ago

ImageMagick is free and open-source software used for editing and mani ...

CVSS3: 6.5
github
15 days ago

ImageMagick has Integer Overflow leading to out of bounds write in SIXEL decoder