CVE-2026-30936
Received Received - Intake
Out-of-Bounds Heap Write in ImageMagick WaveletDenoise

Publication date: 2026-03-10

Last updated on: 2026-03-11

Assigner: GitHub, Inc.

Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a crafted image could cause an out of bounds heap write inside the WaveletDenoiseImage method. When processing a crafted image with the -wavelet-denoise operation an out of bounds write can occur. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-10
Last Modified
2026-03-11
Generated
2026-06-16
AI Q&A
2026-03-10
EPSS Evaluated
2026-06-15
NVD
CVE-2026-30936
EUVD
EUVD-2026-10401
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
imagemagick imagemagick to 6.9.13-41 (exc)
imagemagick imagemagick From 7.0.0-0 (inc) to 7.1.2-16 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-30936 is a moderate severity heap buffer overflow vulnerability in the ImageMagick software, specifically within the WaveletDenoiseImage function.

This vulnerability occurs when processing a crafted image using the -wavelet-denoise operation, which can trigger an out-of-bounds heap write leading to memory corruption.

The issue affects ImageMagick versions prior to 7.1.2-16 and 6.9.13-41 and has been fixed in these versions.

Technically, it is a heap-based buffer overflow (CWE-122) where a write operation of 4 bytes occurs outside the allocated heap buffer.

Impact Analysis

Exploitation of this vulnerability requires local access and user interaction but no special privileges.

The primary impact is a loss of availability, meaning it can cause a denial of service by crashing or destabilizing the ImageMagick process.

There is no impact on confidentiality or integrity according to the CVSS metrics.

Compliance Impact

I don't know

Detection Guidance

This vulnerability occurs when processing a crafted image using the -wavelet-denoise operation in vulnerable versions of ImageMagick. Detection involves identifying if your system is running a vulnerable version of ImageMagick prior to 7.1.2-16 or 6.9.13-41.

You can check the installed ImageMagick version with the following command:

  • magick -version

To detect attempts to exploit this vulnerability, monitor for crashes or AddressSanitizer errors related to heap-buffer-overflow during image processing, especially when the -wavelet-denoise operation is used.

There are no specific network detection commands provided, as the attack vector is local and requires user interaction.

Mitigation Strategies

The primary mitigation step is to upgrade ImageMagick to a fixed version, specifically version 7.1.2-16 or later, or 6.9.13-41 or later.

Until the upgrade can be applied, avoid processing untrusted images with the -wavelet-denoise operation to prevent triggering the vulnerability.

Additionally, monitor your systems for crashes or abnormal behavior during image processing to detect potential exploitation attempts.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-30936. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart