CVE-2026-48994
MediumCVSS 5.9Exploitation Probability (EPSS)
Low risk13th percentile — higher than 13% of all known CVEs
Summary
ImageMagick prior to versions 6.9.13-48 and 7.1.2-24 had a missing check of a return value, which could lead to a heap buffer over-write in the MAT decoder on 32-bit systems. This issue has been patched in versions 6.9.13-48 and 7.1.2-24.
Risk Assessment
Heap buffer over-write may lead to unauthorized memory access, posing a risk to the integrity and confidentiality of data within the organization.
Recommendation
It is recommended to update ImageMagick to versions 6.9.13-48 or 7.1.2-24 to mitigate this vulnerability.
Original NVD description (English source)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check of a return value could lead to a heap buffer over-write in the MAT decoder on 32-bit systems. This issue has been patched in versions 6.9.13-48 and 7.1.2-24.

