CVE-2026-31853
Integer Overflow in ImageMagick SFW Decoder Causes Crash

Publication date: 2026-03-11

Last updated on: 2026-03-17

Assigner: GitHub, Inc.

Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, an overflow on 32-bit systems can cause a crash in the SFW decoder when processing extremely large images. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-03-11
EPSS evaluated: 2026-05-05
Affected Vendors & Products (2 associated CPEs)
Vendor       Product       Version / Range
imagemagick  imagemagick   up to 6.9.13-41 (excluding)
imagemagick  imagemagick   from 7.0.0-0 (including) to 7.1.2-16 (excluding)
CWE
CWE-122: A heap overflow condition is a buffer overflow where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-31853 is a heap-based buffer overflow vulnerability in the SFW decoder component of ImageMagick on 32-bit systems.

This vulnerability occurs when processing extremely large images, causing a buffer allocated on the heap to be overwritten beyond its boundary.

The overflow can lead to a crash of the application.

It affects ImageMagick versions prior to 7.1.2-16 and 6.9.13-41, with patches available in these versions and later.


How can this vulnerability impact me?

Exploitation of this vulnerability can cause the ImageMagick application to crash, resulting in a denial of service.

The impact on confidentiality is none, but there is a low impact on integrity and a high impact on availability.

The attack requires local access and is complex to execute, but does not require privileges or user interaction.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability affects the SFW decoder in ImageMagick on 32-bit systems when processing extremely large images, causing a heap-based buffer overflow and potential crash.

Detection involves verifying the installed ImageMagick version and testing the processing of large SFW images to observe any crashes or abnormal behavior.

You can check the installed ImageMagick version with the command:

    convert --version

If the version is prior to 7.1.2-16 or 6.9.13-41 on a 32-bit system, the system is vulnerable.

To test for the vulnerability, attempt to process an extremely large SFW image file using ImageMagick's convert or identify commands and monitor for crashes or errors. [1]
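As an added example that is not part of this page or of ImageMagick's own tooling, the following POSIX shell script parses the version banner printed by convert and compares the installed build against the fixed releases 7.1.2-16 and 6.9.13-41, taking the word size into account. The "Version: ImageMagick X.Y.Z-N ..." banner format and the use of getconf LONG_BIT for the word size are assumptions.

```shell
#!/bin/sh
# Added example, not from the advisory: classify an installed ImageMagick
# build against the first fixed 6.x and 7.x releases named in the advisory.
FIXED_7="7.1.2-16"
FIXED_6="6.9.13-41"

# True (exit 0) when version $1 sorts strictly before $2. The "-N" patch
# suffix is treated as a fourth numeric component, so 7.1.2-15 < 7.1.2-16.
ver_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    split(a, x, /[.-]/); split(b, y, /[.-]/)
    for (i = 1; i <= 4; i++) {
      if (x[i] + 0 < y[i] + 0) exit 0
      if (x[i] + 0 > y[i] + 0) exit 1
    }
    exit 1
  }'
}

# Extract "7.1.1-26" from a version banner read on stdin (format assumed).
parse_version() {
  sed -n 's/^Version: ImageMagick \([0-9][0-9.-]*\).*/\1/p' | head -n 1
}

# im_status VERSION BITS -> vulnerable | affected-version-64bit | fixed | unknown
im_status() {
  case "$1" in
    7.*) fixed="$FIXED_7" ;;
    6.*) fixed="$FIXED_6" ;;
    *)   echo unknown; return 0 ;;
  esac
  if ver_lt "$1" "$fixed"; then
    # The crash is reported for 32-bit builds; still flag the version elsewhere.
    [ "$2" = "32" ] && echo vulnerable || echo affected-version-64bit
  else
    echo fixed
  fi
}

# Check this host: sh im_check.sh --check
check_host() {
  ver=$(convert -version 2>/dev/null | parse_version)
  bits=$(getconf LONG_BIT 2>/dev/null || echo unknown)
  echo "ImageMagick ${ver:-not found} on ${bits}-bit: $(im_status "${ver:-0}" "$bits")"
}
if [ "${1:-}" = "--check" ]; then check_host; fi
```

Hosts reported as "fixed" may still be running an older build if a second ImageMagick installation (for example a separate `magick` binary) is first on PATH, so repeat the check for each binary you actually invoke.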


What immediate steps should I take to mitigate this vulnerability?

The primary mitigation step is to upgrade ImageMagick to version 7.1.2-16 or later, or 6.9.13-41 or later, where this vulnerability is fixed.

Additionally, avoid processing extremely large SFW images on 32-bit systems until the upgrade is applied.

Restrict local access to systems running vulnerable versions of ImageMagick to reduce the risk of exploitation, as the attack vector is local and complex.

