CVE-2026-27798
Heap Buffer Over-read in ImageMagick Wavelet-Denoise Operator
Publication date: 2026-02-26
Last updated on: 2026-02-27
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| imagemagick | imagemagick | to 6.9.13-40 (exc) |
| imagemagick | imagemagick | From 7.0.0-0 (inc) to 7.1.2-15 (exc) |
| dlemstra | magick.net | to 14.10.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-126 | The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. |
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to upgrade ImageMagick to version 7.1.2-15 or later, or 6.9.13-40 or later, where the vulnerability has been patched.
If upgrading immediately is not possible, avoid processing images with small dimensions using the -wavelet-denoise operator to prevent triggering the vulnerability.
Monitor resource limits and error logs for any signs of memory allocation failures or crashes related to wavelet denoise operations.
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2026-27798 is a heap buffer over-read vulnerability in ImageMagick's WaveletDenoise operator that occurs when processing images with small dimensions. The issue arises from incorrect memory allocation sizing in the function responsible for the wavelet denoise image processing. Specifically, the program allocated insufficient memory for pixel data, causing it to read beyond the allocated buffer boundaries by 4 bytes during the denoising operation."}, {'type': 'paragraph', 'content': 'This flaw is classified as an out-of-bounds read (CWE-125) and can lead to memory corruption or resource exhaustion errors. The vulnerability was patched by increasing the allocated memory size to properly accommodate the pixel data, preventing the over-read.'}] [1, 2]
How can this vulnerability impact me? :
This vulnerability can cause ImageMagick to read memory beyond the allocated buffer, potentially leading to memory corruption or resource exhaustion. While the impact on confidentiality is considered low, there is no impact on integrity or availability.
Because the attack vector is local and requires no privileges or user interaction, an attacker with local access could exploit this flaw to cause a crash or unexpected behavior in the software, which might be leveraged in a broader attack scenario.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a heap buffer over-read occurring during the processing of images with small dimensions using the -wavelet-denoise operator in vulnerable versions of ImageMagick.
Detection can involve monitoring for crashes or memory errors when processing images with the -wavelet-denoise operator, especially if AddressSanitizer or similar memory error detection tools are used.
A practical approach is to test the ImageMagick installation by running the wavelet denoise command on small dimension images and observing for errors or crashes.
- Use AddressSanitizer or similar tools to detect heap-buffer-overflow errors when running wavelet denoise operations.
- Run a command like: `magick input_small_image.png -wavelet-denoise 1 output.png` and monitor for crashes or error messages.