exploitDog

CVE-2026-30936

Published: 09 Mar 2026
Source: redhat
CVSS3: 5.5
EPSS: Low

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a crafted image could cause an out of bounds heap write inside the WaveletDenoiseImage method. When processing a crafted image with the -wavelet-denoise operation an out of bounds write can occur. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

A flaw was found in ImageMagick, a free and open-source software for editing and manipulating digital images. A remote attacker could exploit this vulnerability by providing a specially crafted image to a user, which, when processed with the -wavelet-denoise operation, could lead to an out-of-bounds heap write. This issue can result in a denial of service (DoS), causing the application to become unstable or crash.

Report

This is a MODERATE impact vulnerability. ImageMagick in Red Hat Enterprise Linux 6 ELS and 7 ELS is affected by a heap buffer overflow. This flaw occurs when processing a specially crafted image using the -wavelet-denoise operation, which could lead to an out-of-bounds write. Exploitation requires user interaction to process the malicious image.

Mitigation

To reduce the risk of exploitation, avoid processing untrusted or unverified image files with ImageMagick. Users should exercise caution when handling images from unknown sources. Additionally, consider restricting ImageMagick's capabilities through its policy file to limit exposure to potentially vulnerable operations or file formats.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | | |
| Red Hat Enterprise Linux 7 | ImageMagick | Out of support scope | | |

Additional information

Status: Moderate
Defect: CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=2445880 ImageMagick: ImageMagick: Denial of Service via crafted image processing

EPSS

Percentile: 4%
0.00018
Low

5.5 Medium

CVSS3

Related vulnerabilities

CVSS3: 5.5
ubuntu
17 days ago

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a crafted image could cause an out of bounds heap write inside the WaveletDenoiseImage method. When processing a crafted image with the -wavelet-denoise operation an out of bounds write can occur. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

CVSS3: 5.5
nvd
17 days ago

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a crafted image could cause an out of bounds heap write inside the WaveletDenoiseImage method. When processing a crafted image with the -wavelet-denoise operation an out of bounds write can occur. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

CVSS3: 5.5
debian
17 days ago

ImageMagick is free and open-source software used for editing and mani ...

CVSS3: 5.5
github
15 days ago

ImageMagick has Heap Buffer Overflow in WaveletDenoiseImage
