CVE Catalog

CVE-2026-53460

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.35%

26th percentile - higher than 26% of all known CVEs

Summary

In ImageMagick prior to versions 6.9.13-50 and 7.1.2-25, a missing check for maximum memory request in AcquireAlignedMemory could trigger an out-of-memory condition.

Risk Assessment

An attacker could exploit this vulnerability to cause a denial of service (DoS) by sending a specially crafted image, potentially disrupting applications using ImageMagick.

Recommendation

Immediately update ImageMagick to version 6.9.13-50 or 7.1.2-25, which fix the missing check for maximum memory request.

Original NVD description (English source)

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, a missing check for maximum memory request in AcquireAlignedMemory could trigger an out-of-Memory condition. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS