Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2026-30929

Опубликовано: 09 мар. 2026
Источник: redhat
CVSS3: 6.1
EPSS Низкий

Описание

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

A flaw was found in ImageMagick. Processing a specially crafted image with the MagnifyImage function can cause a stack-based buffer overflow and memory corruption, leading to a denial of service and potentially arbitrary code execution.

Отчет

To exploit this issue, an attacker needs to convince a user to process a specially crafted image. Default Red Hat Enterprise Linux security features, including SELinux enforcement, Address Space Layout Randomization (ASLR) and NX (No-Execute) stack protection, significantly increase the difficulty of achieving arbitrary code execution, limiting the impact of this vulnerability to a denial of service. Due to these reasons, this vulnerability has been rated with a moderate severity.

Меры по смягчению последствий

To reduce the risk of exploitation, avoid processing untrusted images with ImageMagick. If ImageMagick is deployed in a way that it processes files from untrusted sources automatically, consider running the application inside a container or a restricted sandbox environment to limit the potential security impact.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6ImageMagickAffected
Red Hat Enterprise Linux 7ImageMagickAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-121
https://bugzilla.redhat.com/show_bug.cgi?id=2445896ImageMagick: stack-based buffer overflow in MagnifyImage

EPSS

Процентиль: 3%
0.00015
Низкий

6.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2026-30929

CVSS3: 7.7
ubuntu
17 дней назад

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

nvd логотип

CVE-2026-30929

CVSS3: 7.7
nvd
17 дней назад

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

debian логотип

CVE-2026-30929

CVSS3: 7.7
debian
17 дней назад

ImageMagick is free and open-source software used for editing and mani ...

github логотип

GHSA-rqq8-jh93-f4vg

CVSS3: 7.7
github
15 дней назад

ImageMagick has stack buffer overflow in MagnifyImage

EPSS

Процентиль: 3%
0.00015
Низкий

6.1 Medium

CVSS3