CVE-2026-27799
Received Received - Intake

Heap Buffer Over-Read in ImageMagick DJVU Handler Causes Memory Disclosure

Vulnerability report for CVE-2026-27799, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-26

Last updated on: 2026-02-27

Assigner: GitHub, Inc.

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride (row size) for pixel buffer allocation. The stride calculation overflows a 32-bit signed integer, resulting in an out-of-bounds memory reads. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-26
Last Modified
2026-02-27
Generated
2026-07-06
AI Q&A
2026-02-26
EPSS Evaluated
2026-07-04
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
imagemagick imagemagick to 6.9.13-40 (exc)
imagemagick imagemagick From 7.0.0-0 (inc) to 7.1.2-15 (exc)
dlemstra magick.net to 14.10.3 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-126 The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

I don't know

Detection Guidance

I don't know

Executive Summary

CVE-2026-27799 is a heap buffer over-read vulnerability in the DJVU image format handler of ImageMagick, a software used for editing and manipulating digital images.

The vulnerability occurs because of integer truncation when calculating the stride (row size) for pixel buffer allocation. Specifically, the stride calculation overflows a 32-bit signed integer, which causes out-of-bounds memory reads on the heap.

This issue was fixed by changing the data type of the stride variable from a signed integer to an unsigned size type (size_t) to prevent overflow and ensure correct memory allocation.

Impact Analysis

This vulnerability can lead to out-of-bounds memory reads, which may cause memory corruption or crashes when processing DjVu images with vulnerable versions of ImageMagick.

The impact on a system includes potential low-level integrity and availability issues, such as unexpected behavior or denial of service, but it does not affect confidentiality.

Exploitation requires local access and is complex, but no privileges or user interaction are needed.

Mitigation Strategies

To mitigate the CVE-2026-27799 vulnerability in ImageMagick, you should upgrade ImageMagick to version 7.1.2-15 or later, or 6.9.13-40 or later, as these versions contain the patch that fixes the heap buffer over-read issue in the DJVU image format handler.

The patch corrects the integer overflow by changing the data type of the stride variable from a signed int to size_t, preventing out-of-bounds memory reads during pixel buffer allocation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27799. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart