CVE-2026-53461
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk27th percentile - higher than 27% of all known CVEs
Summary
In ImageMagick, prior to versions 6.9.13-50 and 7.1.2-25, the ICON decoder contains an incorrect loop that can lead to an out-of-bounds heap write, resulting in a crash.
Risk Assessment
An attacker could exploit this vulnerability to cause a denial of service (DoS) by supplying a specially crafted ICON file, potentially disrupting applications that use ImageMagick.
Recommendation
Immediately update ImageMagick to versions 6.9.13-50 or 7.1.2-25, which include a fix for this vulnerability.
Original NVD description (English source)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, an incorrect loop in the ICON decoder can result in an out of bounds heap write resulting in a crash. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.

