CVE-2026-32636
Out-of-Bounds Write in ImageMagick NewXMLTree Causes Crash
Publication date: 2026-03-18
Last updated on: 2026-03-19
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| imagemagick | imagemagick | Up to 6.9.13-42 (exc) |
| imagemagick | imagemagick | From 7.0.0-0 (inc) to 7.1.2-17 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-32636 is a moderate-severity vulnerability in ImageMagick's NewXMLTree function, the XML tree parser in MagickCore. It is a heap-based buffer overflow in which a single zero byte is written out of bounds, classified as CWE-787 (out-of-bounds write). The observed effect is a crash of the process that parses the offending input.
How can this vulnerability impact me?
It can crash the ImageMagick process that parses a crafted input, which is a denial of service. The rated impact is low on availability and none on confidentiality or integrity; the advisory reports the one-byte heap write as a crash only.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Affected builds are ImageMagick 7.x before 7.1.2-17 and 6.x before 6.9.13-42. Start by checking the installed version:
- Run `magick -version` (ImageMagick 7) or `convert -version` (ImageMagick 6; on ImageMagick 7, `convert` is kept as a compatibility name and reports the same version line).
- Compare the reported version with the fixed release for its branch: a 7.x build below 7.1.2-17, or a 6.x build below 6.9.13-42, is potentially affected.
- Distribution packages often backport fixes without changing the upstream version string, so for packaged builds also consult the distribution's advisory for CVE-2026-32636 before concluding that a host is vulnerable.
Because the bug is a heap-based buffer overflow in NewXMLTree that terminates the process, monitoring for segmentation faults, core dumps or abnormal exits of ImageMagick-related processes (for example in the worker logs of services that convert user-supplied images) can surface exploitation attempts. A crash alone does not distinguish an attack from an ordinary malformed file, so treat it as a trigger for investigation rather than proof of exploitation.
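A version check that implements the rule above, added here as an example and not taken from the advisory or from ImageMagick itself: it extracts the `A.B.C-D` version from the first line of `magick -version` / `convert -version`, compares it against the fixed release for its branch, and can run the live check on the current host. The sample output is constructed for the offline test, and the `--check` flag and all function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the advisory or from ImageMagick): decide whether an
# ImageMagick build is in the affected range for CVE-2026-32636.
# Affected per the advisory: 6.x before 6.9.13-42, and 7.x before 7.1.2-17.

FIXED_6="6.9.13-42"
FIXED_7="7.1.2-17"

# Constructed sample of what `magick -version` prints; only the first line matters.
SAMPLE_OUTPUT='Version: ImageMagick 7.1.1-47 Q16-HDRI x86_64 https://imagemagick.org
Copyright: (C) 1999 ImageMagick Studio LLC
License: https://imagemagick.org/script/license.php'

# Extract "A.B.C-D" from the "Version: ImageMagick ..." line of -version output.
im_version_from_output() {
  printf '%s\n' "$1" \
    | sed -n 's/^Version: ImageMagick \([0-9][0-9.]*-[0-9][0-9]*\).*/\1/p' \
    | head -n 1
}

# Return 0 if version $1 sorts strictly before version $2 (both "A.B.C-D").
im_lt() {
  # Split both versions on "." and "-" into eight positional parameters.
  set -- $(printf '%s %s\n' "$1" "$2" | sed 's/[.-]/ /g')
  if [ "$1" -ne "$5" ]; then [ "$1" -lt "$5" ]; return; fi
  if [ "$2" -ne "$6" ]; then [ "$2" -lt "$6" ]; return; fi
  if [ "$3" -ne "$7" ]; then [ "$3" -lt "$7" ]; return; fi
  [ "$4" -lt "$8" ]
}

# Return 0 when $1 is an affected release, 1 when it is fixed or out of range,
# 2 when the string is not a well-formed ImageMagick version.
im_vulnerable() {
  clean=$(printf '%s\n' "$1" \
    | sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*-[0-9][0-9]*\)$/\1/p')
  if [ -z "$clean" ]; then
    echo "unrecognised ImageMagick version: $1" >&2
    return 2
  fi
  case "$clean" in
    7.*) im_lt "$clean" "$FIXED_7" ;;   # 7.0.0-0 up to, excluding, 7.1.2-17
    *)   im_lt "$clean" "$FIXED_6" ;;   # everything below 6.9.13-42
  esac
}

# Live check of this host: IM7 installs `magick`, IM6 installs `convert`
# (IM7 keeps `convert` as a compatibility name reporting the same version).
# Returns 0 if the installed build is affected, 1 if not, 2 if none was found.
check_installed() {
  for bin in magick convert; do
    command -v "$bin" >/dev/null 2>&1 || continue
    v=$(im_version_from_output "$("$bin" -version 2>/dev/null)")
    [ -n "$v" ] || continue
    if im_vulnerable "$v"; then
      echo "$bin: ImageMagick $v is in the affected range for CVE-2026-32636"
      return 0
    fi
    echo "$bin: ImageMagick $v is not in the affected range"
    return 1
  done
  echo "no ImageMagick binary found in PATH" >&2
  return 2
}

# Usage: sh im_cve_2026_32636_check.sh --check
if [ "${1:-}" = "--check" ]; then
  check_installed
  exit $?
fi
```

The version-string comparison is only as good as the string: distribution builds that backport the fix still report the upstream version, so a hit from this script on a packaged build means "check the distribution advisory", not "confirmed vulnerable".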
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to update ImageMagick to a fixed release.
- Upgrade ImageMagick 7.x to 7.1.2-17 or later, or 6.x to 6.9.13-42 or later; these releases contain the NewXMLTree fix.
- If you use Magick.NET, update to 14.11.0 or later, which bundles the patched ImageMagick 7.1.2-17.
- Until the update is deployed, keep conversions of untrusted input out of any long-lived shared process: running them in a separate, restartable worker confines the denial of service to that worker.
The same releases also changed the access mode of files ImageMagick creates from 0666 to 0600. That change does not address this overflow, but it is a sensible hardening to carry along with the upgrade.