CVE-2026-33902
Received Received - Intake
Stack Overflow in ImageMagick FX Parser Causes Process Crash

Publication date: 2026-04-13

Last updated on: 2026-04-17

Assigner: GitHub, Inc.

Description
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX expression parser allows an attacker to crash the process by providing a deeply nested expression. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-13
Last Modified
2026-04-17
Generated
2026-06-16
AI Q&A
2026-04-14
EPSS Evaluated
2026-06-14
NVD
CVE-2026-33902
EUVD
EUVD-2026-22106
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
imagemagick imagemagick to 6.9.13-44 (exc)
imagemagick imagemagick From 7.0.0-0 (inc) to 7.1.2-19 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-674 The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a stack overflow issue in the FX expression parser of ImageMagick, a software used for editing and manipulating digital images. It occurs in versions below 7.1.2-19 and 6.9.13-44 when an attacker provides a deeply nested expression, causing the process to crash.

Impact Analysis

The vulnerability can cause the ImageMagick process to crash, leading to a denial of service. This means that an attacker could disrupt the normal operation of systems using vulnerable versions of ImageMagick by exploiting this stack overflow.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade ImageMagick to version 7.1.2-19 or later, or version 6.9.13-44 or later, as these versions contain the fix for the stack overflow issue in the FX expression parser.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-33902. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart