exploitDog

CVE-2026-31853

Published: 11 Mar 2026
Source: redhat
CVSS3: 5.5
EPSS: Low

Description

A flaw was found in ImageMagick. An overflow on 32-bit systems in the SFW decoder can lead to a crash when processing extremely large images. This vulnerability could allow an attacker to cause a Denial of Service (DoS) by providing a specially crafted large image.

Report

This MODERATE impact flaw in ImageMagick affects 32-bit systems. An attacker could trigger a denial of service by providing a specially crafted, extremely large image for processing by the SFW decoder. This vulnerability is applicable to Red Hat Enterprise Linux 6 ELS and 7 ELS when running on 32-bit architectures.

It is important to note that ImageMagick has been removed from Red Hat Enterprise Linux 8 and later releases. Therefore, current supported RHEL 8 and newer systems are not affected by this issue unless ImageMagick is installed from third-party or custom repositories. For additional information, refer to https://access.redhat.com/solutions/4437561.

Mitigation

Red Hat is not aware of a practical temporary workaround that fully mitigates this issue or meets Red Hat Product Security's standards for usability, deployment, applicability, or stability. To reduce the risk of denial of service, avoid processing untrusted or excessively large SFW (Structured Fax File) images with ImageMagick on 32-bit systems.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | | |
| Red Hat Enterprise Linux 7 | ImageMagick | Out of support scope | | |

Additional information

Status: Moderate
Defect: CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=2446690
imagemagick: ImageMagick: Denial of Service via overflow in SFW decoder when processing large images on 32-bit systems

EPSS

Percentile: 3%
0.00014
Low

5.5 Medium

CVSS3

Related vulnerabilities

CVSS3: 5.7
ubuntu
16 days ago

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, an overflow on 32-bit systems can cause a crash in the SFW decoder when processing extremely large images. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

CVSS3: 5.7
nvd
16 days ago

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, an overflow on 32-bit systems can cause a crash in the SFW decoder when processing extremely large images. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

CVSS3: 5.7
debian
16 days ago

ImageMagick is free and open-source software used for editing and mani ...

CVSS3: 5.7
github
16 days ago

ImageMagick is vulnerable to heap buffer over-write on 32-bit systems in SFW decoder
