CVE-2026-28691
Uninitialized Pointer Dereference in ImageMagick JBIG Decoder
Publication date: 2026-03-10
Last updated on: 2026-03-11
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| imagemagick | imagemagick | Up to 6.9.13-41 (exc) |
| imagemagick | imagemagick | From 7.0.0-0 (inc) to 7.1.2-16 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-824 | The product accesses or uses a pointer that has not been initialized. |
| CWE-252 | The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-28691 is a high-severity vulnerability affecting the JBIG decoder component of ImageMagick, a software used for editing and manipulating digital images.
The vulnerability is caused by an uninitialized pointer dereference due to a missing check in the decoder code. This means the software uses pointers that have not been properly initialized, which can lead to unexpected behavior.
An attacker can exploit this flaw remotely over a network without needing any privileges or user interaction.
The issue is related to CWE-252 (Unchecked Return Value) and CWE-824 (Access of Uninitialized Pointer).
The vulnerability has been fixed in ImageMagick versions 7.1.2-16 and 6.9.13-41.
How can this vulnerability impact me?
This vulnerability can impact you by causing a denial of service (DoS) condition.
Specifically, exploiting the uninitialized pointer dereference can crash the affected ImageMagick component, making the service unavailable.
There is no impact on confidentiality or integrity, so data theft or modification is not a concern with this vulnerability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects ImageMagick versions prior to 7.1.2-16 and 6.9.13-41. To determine whether your system is vulnerable, first check the installed version of ImageMagick.
- Run the command `magick -version` or `convert -version` to determine the installed ImageMagick version.
- If the version is older than 7.1.2-16 (on the 7.x branch) or 6.9.13-41 (on the 6.x branch), your system is vulnerable.
Since the vulnerability is a remote denial of service via the JBIG decoder, monitoring for crashes or service interruptions related to ImageMagick when processing JBIG images may also indicate exploitation attempts.
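The version check above can be automated so that the `-N` release suffix is compared numerically rather than as text (a plain string compare would rank 6.9.13-9 above 6.9.13-41). The script below is an added example, not part of this advisory page or of the ImageMagick project; it assumes the usual `Version: ImageMagick X.Y.Z-N ...` banner that `magick -version` and `convert -version` print, and falls back to a constructed sample banner when neither binary is installed.

```python
"""Check an installed ImageMagick against the fixed releases for CVE-2026-28691."""
import re
import subprocess
from typing import Optional, Tuple

Version = Tuple[int, int, int, int]  # (major, minor, patch, release)

# Fixed releases stated in the advisory; anything below on the same branch is affected.
FIXED: dict = {6: (6, 9, 13, 41), 7: (7, 1, 2, 16)}

# Matches "ImageMagick 7.1.1-47" inside the -version banner.
VERSION_RE = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(banner: str) -> Optional[Version]:
    """Extract the numeric version tuple from `magick -version` / `convert -version` output."""
    m = VERSION_RE.search(banner)
    return tuple(int(x) for x in m.groups()) if m else None  # type: ignore[return-value]


def is_vulnerable(version: Version) -> Optional[bool]:
    """True if below the fixed release of its branch, False if fixed, None if the branch is not covered."""
    fixed = FIXED.get(version[0])
    if fixed is None:
        return None  # branch not listed in the advisory (e.g. a future 8.x)
    return version < fixed  # tuple comparison keeps the release suffix numeric


def installed_version() -> Optional[Version]:
    """Try both CLI entry points; return None when ImageMagick is not on PATH."""
    for cmd in (["magick", "-version"], ["convert", "-version"]):
        try:
            out = subprocess.run(cmd, capture_output=True, text=True, check=False).stdout
        except FileNotFoundError:
            continue
        found = parse_version(out)
        if found:
            return found
    return None


# Constructed sample banner (not captured from a real host) used when nothing is installed.
SAMPLE_BANNER = "Version: ImageMagick 7.1.1-47 Q16-HDRI x86_64 ...\nCopyright: (C) 1999 ImageMagick Studio LLC"

if __name__ == "__main__":
    ver = installed_version() or parse_version(SAMPLE_BANNER)
    status = {True: "VULNERABLE", False: "fixed", None: "branch not covered"}[is_vulnerable(ver)]
    print("ImageMagick %d.%d.%d-%d: %s" % (*ver, status))
```

Run it on each host that processes untrusted images; a `VULNERABLE` result means the upgrade or the JBIG restriction described in the mitigation section applies.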
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade ImageMagick to a fixed version.
- Update ImageMagick to version 7.1.2-16 or later, or 6.9.13-41 or later, where the vulnerability has been patched.
- If immediate upgrade is not possible, consider restricting or disabling processing of JBIG images to prevent triggering the vulnerable code.
- Monitor ImageMagick services for crashes or abnormal behavior that could indicate exploitation attempts.