CVE-2026-33535
Received Received - Intake
Out-of-Bounds Write in ImageMagick X11 Display Causes Crash

Publication date: 2026-03-26

Last updated on: 2026-04-02

Assigner: GitHub, Inc.

Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, an out-of-bounds write of a zero byte exists in the X11 `display` interaction path that could lead to a crash. Versions 7.1.2-18 and 6.9.13-43 patch the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-26
Last Modified
2026-04-02
Generated
2026-06-16
AI Q&A
2026-03-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-33535
EUVD
EUVD-2026-16365
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
imagemagick imagemagick to 6.9.13-43 (exc)
imagemagick imagemagick From 7.0.0-0 (inc) to 7.1.2-18 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability in ImageMagick involves an out-of-bounds write that can cause a crash, impacting availability but not confidentiality or integrity.

Since the vulnerability does not affect confidentiality or integrity of data, it is unlikely to directly impact compliance with standards such as GDPR or HIPAA, which primarily focus on protecting personal data privacy and integrity.

However, the availability impact could affect system reliability, which may be a consideration in some regulatory contexts, but no direct compliance violation is indicated.

Executive Summary

CVE-2026-33535 is a moderate severity vulnerability in ImageMagick, a software used for editing and manipulating digital images. The issue is an out-of-bounds write of a zero byte in the X11 display interaction code path. This means that the software writes data outside the allocated memory buffer, which can lead to a crash.

Impact Analysis

This vulnerability can cause ImageMagick to crash due to the out-of-bounds write. The impact is limited to availability, meaning the software may become unavailable or stop functioning properly. There is no impact on confidentiality or integrity of data.

Mitigation Strategies

To mitigate this vulnerability, you should update ImageMagick to a patched version.

  • Upgrade to ImageMagick version 7.1.2-18 or later.
  • Alternatively, upgrade to version 6.9.13-43 or later if using the 6.x branch.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-33535. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart