CVE-2026-42050
Heap Overflow in ImageMagick via Malicious MIFF File
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| imagemagick | imagemagick | to 7.1.2-21 (exc) |
| imagemagick | imagemagick | to 6.9.13-46 (exc) |
| image_magick | image_magick | to 7.1.2-21\|end_excluding=6.9.13-46 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability primarily impacts system availability due to a stack buffer overflow triggered by a malicious MIFF file. It does not affect confidentiality or integrity of data.
Since the vulnerability does not compromise confidentiality or integrity, it is unlikely to directly affect compliance with standards and regulations such as GDPR or HIPAA, which focus heavily on protecting personal data privacy and integrity.
Can you explain this vulnerability to me?
CVE-2026-42050 is a stack buffer overflow vulnerability in the XTileImage component of ImageMagick versions prior to 7.1.2-21 and 6.9.13-46.
The issue occurs when a user opens a specially crafted malicious MIFF file in the ImageMagick display tool and then right-clicks a tile to select the Load / Update menu item, which triggers the overflow.
This vulnerability requires local access, no privileges, and user interaction to be exploited.
How can this vulnerability impact me?
The primary impact of this vulnerability is on system availability due to the stack buffer overflow.
There is no impact on confidentiality or integrity, meaning it does not directly lead to data leaks or unauthorized data modification.
Exploitation requires local access and user interaction, so remote attackers cannot exploit it without user involvement.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability occurs when a user opens a malicious MIFF file in the ImageMagick display tool and right-clicks a tile to select the Load / Update menu item, triggering a stack buffer overflow.
Detection involves identifying usage of vulnerable ImageMagick versions prior to 7.1.2-21 and 6.9.13-46 and monitoring for attempts to open suspicious MIFF files locally.
Since the vulnerability requires local user interaction, network detection is limited. However, you can check the installed ImageMagick version with commands like:
- magick -version (ImageMagick 7)
- convert -version (ImageMagick 6)
Additionally, monitoring system logs for crashes or abnormal behavior when opening MIFF files in the display tool may help detect exploitation attempts.
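One way to automate the version check described above, as an added example that is not part of the original page: it parses the first line of `-version` output and compares it with the fixed releases this page names (7.1.2-21 and 6.9.13-46). The function names `im_parse_version`, `im_version_lt` and `im_check` are hypothetical, and the script assumes the usual `Version: ImageMagick X.Y.Z-P ...` output format.

```shell
#!/bin/sh
# Added example: flag ImageMagick builds older than the fixed releases
# named on this page (7.1.2-21 and 6.9.13-46). Helper names are hypothetical.

# Pull "X.Y.Z-P" out of `-version` output such as
# "Version: ImageMagick 7.1.2-20 Q16-HDRI x86_64 ..."
im_parse_version() {
    v='[0-9][0-9]*'
    printf '%s\n' "$1" |
        sed -n "s/^Version: ImageMagick \($v\.$v\.$v-$v\).*/\1/p" |
        head -n 1
}

# Return 0 if "X.Y.Z-P" version $1 is strictly older than $2.
im_version_lt() {
    old_ifs=$IFS; IFS='.-'
    set -- $1 $2            # 8 numeric fields: $1-$4 and $5-$8
    IFS=$old_ifs
    for pair in "$1:$5" "$2:$6" "$3:$7" "$4:$8"; do
        [ "${pair%%:*}" -lt "${pair##*:}" ] && return 0
        [ "${pair%%:*}" -gt "${pair##*:}" ] && return 1
    done
    return 1                # equal means not older
}

# Classify raw `-version` output: 0 = affected, 1 = fixed, 2 = unrecognised.
im_check() {
    ver=$(im_parse_version "$1")
    case "$ver" in
        7.*) im_version_lt "$ver" "7.1.2-21" ;;
        6.*) im_version_lt "$ver" "6.9.13-46" ;;
        *)   return 2 ;;
    esac
}

# Check whichever ImageMagick front ends are on PATH.
for tool in magick convert; do
    command -v "$tool" >/dev/null 2>&1 || continue
    rc=0; im_check "$("$tool" -version 2>/dev/null)" || rc=$?
    case $rc in
        0) echo "$tool: affected (older than fixed release)" ;;
        1) echo "$tool: at or above fixed release" ;;
        *) echo "$tool: version not recognised" ;;
    esac
done
```

Distribution packages may backport fixes without changing the upstream version string, so an "affected" result on a packaged build should be confirmed against the vendor's advisory.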
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade ImageMagick to version 7.1.2-21 or later, or 6.9.13-46 or later, where this vulnerability is fixed.
Until the upgrade is applied, avoid opening untrusted or suspicious MIFF files in the ImageMagick display tool, and in particular avoid right-clicking a tile to invoke the Load / Update menu item.
Restrict local user access to systems running vulnerable versions to reduce the risk of exploitation.