Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2026-30883

Опубликовано: 09 мар. 2026
Источник: redhat
CVSS3: 5.7

Описание

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an extremely large image profile could result in a heap overflow when encoding a PNG image. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

A flaw was found in ImageMagick, a free and open-source software used for editing and manipulating digital images. A local attacker could exploit this vulnerability by providing an extremely large image profile when encoding a PNG image. This could result in a heap overflow, leading to a Denial of Service (DoS), which makes the affected system or application unavailable to legitimate users.

Отчет

This MODERATE impact vulnerability in ImageMagick affects Red Hat Enterprise Linux 6 ELS and 7 ELS. A heap overflow can occur when processing an extremely large image profile during PNG encoding. Exploitation requires an attacker to provide a specially crafted image file for processing.

Меры по смягчению последствий

To mitigate this issue, avoid processing untrusted or maliciously crafted image files with ImageMagick. Users should exercise caution when handling image files from unknown or suspicious sources.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6ImageMagickOut of support scope
Red Hat Enterprise Linux 7ImageMagickOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-120
https://bugzilla.redhat.com/show_bug.cgi?id=2445878ImageMagick: ImageMagick: Denial of Service due to heap overflow when processing large image profiles

5.7 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2026-30883

CVSS3: 5.7
ubuntu
17 дней назад

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an extremely large image profile could result in a heap overflow when encoding a PNG image. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

nvd логотип

CVE-2026-30883

CVSS3: 5.7
nvd
17 дней назад

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an extremely large image profile could result in a heap overflow when encoding a PNG image. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

debian логотип

CVE-2026-30883

CVSS3: 5.7
debian
17 дней назад

ImageMagick is free and open-source software used for editing and mani ...

github логотип

GHSA-qmw5-2p58-xvrc

CVSS3: 5.7
github
17 дней назад

ImageMagick is vulnerable to Heap Overflow when writing extremely large image profile in the PNG encoder

5.7 Medium

CVSS3