CVE Catalog

CVE-2026-53461

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.35%

27th percentile - higher than 27% of all known CVEs

Summary

In ImageMagick, prior to versions 6.9.13-50 and 7.1.2-25, the ICON decoder contains an incorrect loop that can lead to an out-of-bounds heap write, resulting in a crash.

Risk Assessment

An attacker could exploit this vulnerability to cause a denial of service (DoS) by supplying a specially crafted ICON file, potentially disrupting applications that use ImageMagick.

Recommendation

Immediately update ImageMagick to versions 6.9.13-50 or 7.1.2-25, which include a fix for this vulnerability.

Original NVD description (English source)

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, an incorrect loop in the ICON decoder can result in an out of bounds heap write resulting in a crash. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS