CVE-2026-28493
Integer Overflow in ImageMagick SIXEL Decoder Causes OOB Access
Publication date: 2026-03-10
Last updated on: 2026-03-12
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| imagemagick | imagemagick | versions before 7.1.2-16 (7.1.2-16 itself excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-28493 is an integer overflow vulnerability in the SIXEL decoder component of ImageMagick versions prior to 7.1.2-16.
This flaw allows an attacker to trigger an out-of-bounds write by supplying a specially crafted image, potentially leading to memory corruption.
The vulnerability arises because the decoder performs calculations that can overflow an integer variable, causing it to wrap around to a smaller or negative value, which is then used improperly in memory operations.
The underlying weakness is classified under CWE-190 (Integer Overflow or Wraparound), where calculations assume values will not exceed the maximum representable integer, leading to erroneous behavior when this assumption is violated.
How can this vulnerability impact me?
This vulnerability can lead to memory corruption through an out-of-bounds write, which may cause disruption or denial of service.
The impact on confidentiality is none, but it has a low impact on integrity and a high impact on availability.
An attacker can exploit this vulnerability remotely over the network without requiring privileges or user interaction, although the attack complexity is high.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects ImageMagick versions prior to 7.1.2-16, specifically in the SIXEL decoder component. To detect if your system is vulnerable, you should first check the installed version of ImageMagick.
- Run the command `magick -version` or `convert -version` to determine the installed ImageMagick version.
- If the version is older than 7.1.2-16, your system is vulnerable.
There are no specific network detection commands or signatures provided for this vulnerability, as it requires a specially crafted image to trigger the issue. Monitoring for unusual crashes or memory corruption in ImageMagick processes when processing SIXEL images may help identify exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade ImageMagick to version 7.1.2-16 or later, where this integer overflow vulnerability in the SIXEL decoder has been fixed.
- Update ImageMagick to version 7.1.2-16 or newer.
- If upgrading immediately is not possible, consider disabling or restricting processing of SIXEL images to prevent exploitation.
- Monitor ImageMagick processes for crashes or abnormal behavior that could indicate exploitation attempts.
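A script for the detection and mitigation answers above, added here and not part of the CVE record or of ImageMagick itself: it extracts the version token from `magick -version` / `convert -version` output, compares it numerically (major.minor.patch-level, so 7.1.10 sorts after 7.1.2) against the fixed release 7.1.2-16, and checks whether an ImageMagick policy.xml already denies the SIXEL coder. The `--live` flag, the script name and the exact SIXEL policy line are assumptions, not taken from the page.

```shell
#!/bin/sh
# Added example (not from the CVE record or ImageMagick): parse `magick -version`
# output, compare the version numerically with the fixed release 7.1.2-16, and
# check whether an ImageMagick policy.xml already denies the SIXEL coder.
FIXED_VERSION="7.1.2-16"
# Print "major minor patch level" for a version like 7.1.2-16 (level defaults to 0).
im_version_parts() {
  case $1 in [0-9]*.[0-9]*.[0-9]*) ;; *) return 1 ;; esac
  v=$1
  major=${v%%.*}; v=${v#*.}
  minor=${v%%.*}; v=${v#*.}
  patch=${v%%-*}; patch=${patch%%[!0-9]*}
  case $v in *-*) level=${v#*-} ;; *) level=0 ;; esac
  printf '%s %s %s %s\n' "$major" "$minor" "$patch" "${level%%[!0-9]*}"
}
# Status 0 when version $1 sorts before version $2 (equal is not "less than").
im_version_lt() {
  set -- $(im_version_parts "$1") $(im_version_parts "$2")
  [ $# -eq 8 ] || return 2                     # unparsable input
  a1=$1 a2=$2 a3=$3 a4=$4 b1=$5 b2=$6 b3=$7 b4=$8
  for pair in "$a1 $b1" "$a2 $b2" "$a3 $b3" "$a4 $b4"; do
    set -- $pair
    [ "$1" -lt "$2" ] && return 0
    [ "$1" -gt "$2" ] && return 1
  done
  return 1
}
# An installed version is affected when it is older than the fixed release.
im_is_vulnerable() { im_version_lt "$1" "$FIXED_VERSION"; }
# Extract the X.Y.Z-N token from `magick -version` / `convert -version` output.
im_version_from_output() {
  printf '%s\n' "$1" | sed -n 's/^Version: ImageMagick \([0-9][0-9.]*-*[0-9]*\).*/\1/p' | head -n 1
}
# Interim mitigation check: a coder policy with rights="none" covering SIXEL. Assumes the
# attribute order of the stock policy.xml; the SIXEL entry is assumed, not quoted from the page.
policy_blocks_sixel() {
  grep -Eiq '<policy[^>]*domain="coder"[^>]*rights="none"[^>]*pattern="[^"]*SIXEL' "$1"
}

# Constructed sample of the first line `magick -version` prints (not a real capture).
SAMPLE_OUTPUT='Version: ImageMagick 7.1.1-15 Q16-HDRI x86_64 https://imagemagick.org'

# Stand-alone use: `sh check_sixel.sh --live` (assumed file name) queries the installed binary.
if [ "${1:-}" = "--live" ]; then
  out=$(magick -version 2>/dev/null || convert -version 2>/dev/null) || exit 2
  ver=$(im_version_from_output "$out")
  if im_is_vulnerable "$ver"; then echo "ImageMagick $ver: older than $FIXED_VERSION, affected"
  else echo "ImageMagick $ver: not affected (or version not parsed)"; fi
fi
```

The policy grep only confirms a deny rule is present; which policy.xml ImageMagick actually loads depends on the installation, so pass the path reported by `magick -list policy`.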