5.1
CVE-2026-45624
- EPSS 0.12%
- Veröffentlicht 10.06.2026 21:29:28
- Zuletzt bearbeitet 11.06.2026 18:41:43
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
ImageMagick: Heap Buffer Over-Read of a 4 bytes in distort operation.
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when performing a polynomial distortion an out of bounds over-read of 24 bytes can occur when specifying specific arguments. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Imagemagick ≫ Imagemagick Version < 6.9.13-47
Imagemagick ≫ Imagemagick Version >= 7.0.0-0 < 7.1.2-22
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.021 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 5.1 | 2.5 | 2.5 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
CWE-129 Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pfvh-m9xv-8966