CVE-2026-33536
Received Received - Intake
Stack-Based Buffer Overflow in ImageMagick Causes Out-of-Bounds Write

Publication date: 2026-03-26

Last updated on: 2026-04-02

Assigner: GitHub, Inc.

Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, due to an incorrect return value on certain platforms a pointer is incremented past the end of a buffer that is on the stack and that could result in an out of bounds write. Versions 7.1.2-18 and 6.9.13-43 patch the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-26
Last Modified
2026-04-02
Generated
2026-06-16
AI Q&A
2026-03-26
EPSS Evaluated
2026-06-15
NVD
CVE-2026-33536
EUVD
EUVD-2026-16368
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
imagemagick imagemagick to 6.9.13-43 (exc)
imagemagick imagemagick From 7.0.0-0 (inc) to 7.1.2-18 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-33536 is a moderate severity stack-based buffer overflow vulnerability in the ImageMagick software, specifically in the InterpretImageFilename function.

The issue occurs because an incorrect return value on certain platforms causes a pointer to be incremented beyond the end of a stack-allocated buffer, leading to an out-of-bounds write.

This means that the software writes data outside the intended memory area on the stack, which can cause unexpected behavior or crashes.

The vulnerability affects ImageMagick versions prior to 7.1.2-18 and 6.9.13-43, with patches available in these versions.

Impact Analysis

Exploitation of this vulnerability can lead to a denial of service by corrupting the availability of the affected ImageMagick component.

Because the vulnerability causes an out-of-bounds write on the stack, it can crash the software or cause it to behave unpredictably.

The CVSS score indicates no impact on confidentiality or integrity, but a high impact on availability, meaning the main risk is service disruption rather than data breach or modification.

Detection Guidance

This vulnerability is a stack-based buffer overflow in the ImageMagick software, specifically in the InterpretImageFilename function. Detection typically involves monitoring for crashes or AddressSanitizer errors indicating stack-buffer-overflow during image processing.

Since the issue arises from an out-of-bounds write on the stack, one way to detect it is by running ImageMagick with AddressSanitizer enabled or other memory error detection tools while processing images.

There are no specific network detection commands provided in the resources. However, you can check the installed ImageMagick version to determine if it is vulnerable by running:

  • magick --version

If the version is prior to 7.1.2-18 or 6.9.13-43, it is vulnerable.

Compliance Impact

The vulnerability in ImageMagick (CVE-2026-33536) is a stack-based buffer overflow that can lead to denial of service by corrupting the availability of the affected component.

Since the vulnerability does not impact confidentiality or integrity of data, but only availability, it does not directly affect compliance with data protection regulations such as GDPR or HIPAA, which primarily focus on protecting personal data confidentiality and integrity.

However, availability is also an important aspect of some standards, and denial of service could indirectly affect compliance if critical services relying on ImageMagick become unavailable.

Mitigation Strategies

The primary mitigation step is to upgrade ImageMagick to a patched version. Versions 7.1.2-18 and 6.9.13-43 include fixes for this vulnerability.

If upgrading immediately is not possible, consider restricting access to the ImageMagick service or application to trusted users only, since the attack vector is local and requires high attack complexity.

Additionally, monitor for crashes or abnormal behavior in ImageMagick processes that could indicate exploitation attempts.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-33536. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart