7.1
CVE-2026-45359
- EPSS 0.12%
- Veröffentlicht 10.06.2026 21:26:32
- Zuletzt bearbeitet 30.06.2026 03:20:03
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
ImageMagick: Out-of-Bounds Read in connected components when the user supplies an invalid keep-top define
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in a heap buffer over-read when performing the connected components operation. This issue has been patched in versions 6.9.13-48 and 7.1.2-22.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Imagemagick ≫ Imagemagick Version < 6.9.13-48
Imagemagick ≫ Imagemagick Version >= 7.0.0-0 < 7.1.2-22
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.023 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 5.7 | 1.4 | 4.2 |
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.1 | 1.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
CWE-129 Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vhrh-72hq-w8m7
https://access.redhat.com/security/cve/CVE-2026-45359
https://bugzilla.redhat.com/show_bug.cgi?id=2487737
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45359.json