CVE-2026-27798
Received Received - Intake
Heap Buffer Over-read in ImageMagick Wavelet-Denoise Operator

Publication date: 2026-02-26

Last updated on: 2026-02-27

Assigner: GitHub, Inc.

Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing an image with small dimension using the `-wavelet-denoise` operator. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-26
Last Modified
2026-02-27
Generated
2026-06-16
AI Q&A
2026-02-26
EPSS Evaluated
2026-06-15
NVD
CVE-2026-27798
EUVD
EUVD-2026-8771
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
imagemagick imagemagick to 6.9.13-40 (exc)
imagemagick imagemagick From 7.0.0-0 (inc) to 7.1.2-15 (exc)
dlemstra magick.net to 14.10.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
CWE-126 The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

The primary mitigation is to upgrade ImageMagick to version 7.1.2-15 or later, or 6.9.13-40 or later, where the vulnerability has been patched.

If upgrading immediately is not possible, avoid processing images with small dimensions using the -wavelet-denoise operator to prevent triggering the vulnerability.

Monitor resource limits and error logs for any signs of memory allocation failures or crashes related to wavelet denoise operations.

Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-27798 is a heap buffer over-read vulnerability in ImageMagick's WaveletDenoise operator that occurs when processing images with small dimensions. The issue arises from incorrect memory allocation sizing in the function responsible for the wavelet denoise image processing. Specifically, the program allocated insufficient memory for pixel data, causing it to read beyond the allocated buffer boundaries by 4 bytes during the denoising operation."}, {'type': 'paragraph', 'content': 'This flaw is classified as an out-of-bounds read (CWE-125) and can lead to memory corruption or resource exhaustion errors. The vulnerability was patched by increasing the allocated memory size to properly accommodate the pixel data, preventing the over-read.'}] [1, 2]

Impact Analysis

This vulnerability can cause ImageMagick to read memory beyond the allocated buffer, potentially leading to memory corruption or resource exhaustion. While the impact on confidentiality is considered low, there is no impact on integrity or availability.

Because the attack vector is local and requires no privileges or user interaction, an attacker with local access could exploit this flaw to cause a crash or unexpected behavior in the software, which might be leveraged in a broader attack scenario.

Compliance Impact

I don't know

Detection Guidance

This vulnerability is a heap buffer over-read occurring during the processing of images with small dimensions using the -wavelet-denoise operator in vulnerable versions of ImageMagick.

Detection can involve monitoring for crashes or memory errors when processing images with the -wavelet-denoise operator, especially if AddressSanitizer or similar memory error detection tools are used.

A practical approach is to test the ImageMagick installation by running the wavelet denoise command on small dimension images and observing for errors or crashes.

  • Use AddressSanitizer or similar tools to detect heap-buffer-overflow errors when running wavelet denoise operations.
  • Run a command like: `magick input_small_image.png -wavelet-denoise 1 output.png` and monitor for crashes or error messages.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27798. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart