CVE-2026-30937
Received Received - Intake
Heap Buffer Overflow in ImageMagick XWD Encoder Causes Memory Corruption

Publication date: 2026-03-10

Last updated on: 2026-03-18

Assigner: GitHub, Inc.

Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing a extremely large image an out of bounds heap write can occur. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-10
Last Modified
2026-03-18
Generated
2026-06-16
AI Q&A
2026-03-10
EPSS Evaluated
2026-06-15
NVD
CVE-2026-30937
EUVD
EUVD-2026-10402
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
imagemagick imagemagick to 6.9.13-41 (exc)
imagemagick imagemagick From 7.0.0-0 (inc) to 7.1.2-16 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-30937 is a moderate severity vulnerability in the ImageMagick software, specifically in the XWD (X Windows) encoder component.

The issue arises from a 32-bit unsigned integer overflow during the encoding process, which causes an undersized heap buffer allocation.

When processing extremely large images, this integer overflow causes the allocated heap buffer to be smaller than required, resulting in an out-of-bounds heap buffer write (heap buffer overflow).

Technically, the overflow happens due to improper handling of CARD32 arithmetic, causing the size calculation for heap allocation to wrap around.

This flaw is identified as CWE-122 (Heap-based Buffer Overflow) and CWE-190 (Integer Overflow or Wraparound).

Exploitation requires local access but no privileges or user interaction are needed.

Impact Analysis

The vulnerability can lead to an out-of-bounds heap write when processing extremely large images, which can cause instability or crashes in the ImageMagick software.

The impact includes no loss of confidentiality, low loss of integrity, but a high impact on availability.

This means that while sensitive data is unlikely to be exposed, the software or system using ImageMagick could become unavailable or unreliable due to crashes or memory corruption.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability in ImageMagick's XWD encoder can be detected by monitoring for heap-buffer-overflow errors during image processing, especially when handling extremely large images."}, {'type': 'paragraph', 'content': 'The issue was originally detected using AddressSanitizer, a tool that can identify heap buffer overflows during runtime.'}, {'type': 'paragraph', 'content': 'To detect this vulnerability on your system, you can run ImageMagick commands that process large XWD images under AddressSanitizer or similar memory error detection tools.'}, {'type': 'list_item', 'content': 'Use AddressSanitizer with ImageMagick binaries to catch heap buffer overflows.'}, {'type': 'list_item', 'content': 'Run commands like `convert large_image.xwd output.png` or `magick large_image.xwd output.png` while monitoring for memory errors.'}, {'type': 'list_item', 'content': 'Check logs or error outputs for heap-buffer-overflow or integer overflow warnings during image encoding.'}] [1]

Mitigation Strategies

The primary mitigation step is to upgrade ImageMagick to a fixed version.

  • Update ImageMagick to version 7.1.2-16 or later, or 6.9.13-41 or later, where this vulnerability has been patched.
  • Avoid processing extremely large XWD images with vulnerable versions of ImageMagick.
  • Restrict local access to systems running vulnerable ImageMagick versions to reduce exploitation risk.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-30937. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart