CVE-2026-32259
Stack-Based Buffer Overflow in ImageMagick Sixel Encoder
Publication date: 2026-03-12
Last updated on: 2026-03-18
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| imagemagick | imagemagick | to 6.9.13-41 (exc) |
| imagemagick | imagemagick | From 7.0.0-0 (inc) to 7.1.2-16 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-32259 is a moderate severity vulnerability in the sixel encoder component of ImageMagick, a software used for editing and manipulating digital images.
The issue occurs when a memory allocation fails in the sixel encoder, which can cause writes beyond the end of a buffer allocated on the stack. This is known as a stack-based buffer overflow (CWE-121).
This overflow can lead to arbitrary code execution or cause the application to crash.
The vulnerability affects ImageMagick versions prior to 7.1.2-16 and 6.9.13-41, where patches have been applied to fix the issue.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker with local access to modify data and disrupt the availability of the ImageMagick application.
- No confidentiality impact is expected, so sensitive data is not directly exposed.
- However, the integrity impact is high, meaning an attacker can alter data processed by the vulnerable component.
- The availability impact is also high, so the attacker can cause the application to crash or become unavailable.
Exploitation requires local access and is considered difficult due to high attack complexity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a stack-based buffer overflow in the sixel encoder component of ImageMagick that occurs when a memory allocation fails. Detection typically involves verifying the installed ImageMagick version to see if it is prior to the patched versions 7.1.2-16 or 6.9.13-41.
Since the attack vector is local and requires no privileges or user interaction, network-based detection is unlikely to be effective. Instead, checking the version of ImageMagick installed on your system is the primary method.
- Run the command `convert --version` or `magick --version` to determine the installed ImageMagick version.
- If the version is older than 7.1.2-16 or 6.9.13-41, the system is vulnerable.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update ImageMagick to a fixed version.
- Upgrade ImageMagick to version 7.1.2-16 or later, or 6.9.13-41 or later, where this vulnerability has been patched.
Since the vulnerability requires local access and has a high attack complexity, limiting local access to trusted users and monitoring for unusual application crashes or behavior can also help reduce risk.