CVE-2026-28687
Received Received - Intake
Use-After-Free Vulnerability in ImageMagick MSL Decoder

Publication date: 2026-03-10

Last updated on: 2026-03-12

Assigner: GitHub, Inc.

Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap use-after-free vulnerability in ImageMagick's MSL decoder allows an attacker to trigger access to freed memory by crafting an MSL file. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-10
Last Modified
2026-03-12
Generated
2026-05-06
AI Q&A
2026-03-10
EPSS Evaluated
2026-05-05
NVD
CVE-2026-28687
EUVD
EUVD-2026-10377
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
imagemagick imagemagick to 6.9.13-41 (exc)
imagemagick imagemagick From 7.0.0-0 (inc) to 7.1.2-16 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-28687 is a moderate severity heap use-after-free vulnerability in the ImageMagick MSL (Magick Scripting Language) decoder affecting versions prior to 7.1.2-16 and 6.9.13-41.

This vulnerability allows an attacker to trigger access to memory that has already been freed by crafting a malicious MSL file. The issue arises because the program reuses or references memory after it has been freed, leading to invalid pointer dereferences when the memory is reallocated and used elsewhere.

Technically, this is a use-after-free error (CWE-416) where memory is accessed after being freed, potentially causing undefined behavior or security issues.


How can this vulnerability impact me? :

The vulnerability can be exploited remotely without any privileges or user interaction by sending a crafted MSL file to the vulnerable ImageMagick software.

Its impact is primarily on availability, potentially causing denial of service or crashes due to the use-after-free condition.

There are no direct impacts on confidentiality or integrity according to the CVSS metrics.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves a heap use-after-free in the ImageMagick MSL decoder triggered by a crafted MSL file. Detection would involve monitoring for crashes or abnormal behavior in ImageMagick when processing MSL files.

Technical detection could include running ImageMagick under memory error detection tools such as AddressSanitizer to identify heap-use-after-free errors during processing of suspicious MSL files.

No specific commands for detection are provided in the available resources.


What immediate steps should I take to mitigate this vulnerability?

The primary mitigation is to upgrade ImageMagick to versions 7.1.2-16 or 6.9.13-41 or later, where this vulnerability has been fixed.

Until upgrading, avoid processing untrusted or malicious MSL files to prevent exploitation.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart