CVE-2026-32259
Received Received - Intake

Stack-Based Buffer Overflow in ImageMagick Sixel Encoder

Vulnerability report for CVE-2026-32259, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-12

Last updated on: 2026-03-18

Assigner: GitHub, Inc.

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, when a memory allocation fails in the sixel encoder it would be possible to write past the end of a buffer on the stack. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-12
Last Modified
2026-03-18
Generated
2026-07-06
AI Q&A
2026-03-12
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
imagemagick imagemagick to 6.9.13-41 (exc)
imagemagick imagemagick From 7.0.0-0 (inc) to 7.1.2-16 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-32259 is a moderate severity vulnerability in the sixel encoder component of ImageMagick, a software used for editing and manipulating digital images.

The issue occurs when a memory allocation fails in the sixel encoder, which can cause writes beyond the end of a buffer allocated on the stack. This is known as a stack-based buffer overflow (CWE-121).

This overflow can lead to arbitrary code execution or cause the application to crash.

The vulnerability affects ImageMagick versions prior to 7.1.2-16 and 6.9.13-41, where patches have been applied to fix the issue.

Impact Analysis

This vulnerability can impact you by allowing an attacker with local access to modify data and disrupt the availability of the ImageMagick application.

  • No confidentiality impact is expected, so sensitive data is not directly exposed.
  • However, the integrity impact is high, meaning an attacker can alter data processed by the vulnerable component.
  • The availability impact is also high, so the attacker can cause the application to crash or become unavailable.

Exploitation requires local access and is considered difficult due to high attack complexity.

Compliance Impact

I don't know

Detection Guidance

This vulnerability is a stack-based buffer overflow in the sixel encoder component of ImageMagick that occurs when a memory allocation fails. Detection typically involves verifying the installed ImageMagick version to see if it is prior to the patched versions 7.1.2-16 or 6.9.13-41.

Since the attack vector is local and requires no privileges or user interaction, network-based detection is unlikely to be effective. Instead, checking the version of ImageMagick installed on your system is the primary method.

  • Run the command `convert --version` or `magick --version` to determine the installed ImageMagick version.
  • If the version is older than 7.1.2-16 or 6.9.13-41, the system is vulnerable.
Mitigation Strategies

The primary mitigation step is to update ImageMagick to a fixed version.

  • Upgrade ImageMagick to version 7.1.2-16 or later, or 6.9.13-41 or later, where this vulnerability has been patched.

Since the vulnerability requires local access and has a high attack complexity, limiting local access to trusted users and monitoring for unusual application crashes or behavior can also help reduce risk.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32259. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart