Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2026-30935

Опубликовано: 09 мар. 2026
Источник: redhat
CVSS3: 5.5
EPSS Низкий

Описание

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the -bilateral-blur operation an out of bounds read can occur. This vulnerability is fixed in 7.1.2-16.

A flaw was found in ImageMagick. Processing a specially crafted image with the -bilateral-blur operation in the BilateralBlurImage function can cause a heap-based buffer over-read due to an incorrect conversion, leading to a denial of service.

Отчет

To exploit this flaw, an attacker needs to convince a user to process a specially crafted image with the -bilateral-blur operation. Additionally, this issue can cause a heap-based buffer over-read of only 4 bytes, limiting the security impact to a denial of service. Due to these reasons, this vulnerability has been rated with a moderate severity.

Меры по смягчению последствий

To reduce the risk of exploitation, avoid processing untrusted image files using the -bilateral-blur operation with ImageMagick. If ImageMagick is deployed in a way that it processes files from untrusted sources automatically, consider running the application inside a container or a restricted sandbox environment to limit the potential security impact.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6ImageMagickFix deferred
Red Hat Enterprise Linux 7ImageMagickFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=2445899ImageMagick: heap-based buffer over-read in BilateralBlurImage

EPSS

Процентиль: 2%
0.00014
Низкий

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2026-30935

CVSS3: 4.4
ubuntu
17 дней назад

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the -bilateral-blur operation an out of bounds read can occur. This vulnerability is fixed in 7.1.2-16.

nvd логотип

CVE-2026-30935

CVSS3: 4.4
nvd
17 дней назад

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the -bilateral-blur operation an out of bounds read can occur. This vulnerability is fixed in 7.1.2-16.

debian логотип

CVE-2026-30935

CVSS3: 4.4
debian
17 дней назад

ImageMagick is free and open-source software used for editing and mani ...

github логотип

GHSA-cqw9-w2m7-r2m2

CVSS3: 4.4
github
15 дней назад

ImageMagick has Heap Buffer Over-Read in BilateralBlurImage

EPSS

Процентиль: 2%
0.00014
Низкий

5.5 Medium

CVSS3