CVE-2026-53460
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk26th percentile - higher than 26% of all known CVEs
Summary
In ImageMagick prior to versions 6.9.13-50 and 7.1.2-25, a missing check for maximum memory request in AcquireAlignedMemory could trigger an out-of-memory condition.
Risk Assessment
An attacker could exploit this vulnerability to cause a denial of service (DoS) by sending a specially crafted image, potentially disrupting applications using ImageMagick.
Recommendation
Immediately update ImageMagick to version 6.9.13-50 or 7.1.2-25, which fix the missing check for maximum memory request.
Original NVD description (English source)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, a missing check for maximum memory request in AcquireAlignedMemory could trigger an out-of-Memory condition. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.

