CVE-2026-45358
Received - Intake
Off-by-One Out-of-Bounds Read in ImageMagick

Publication date: 2026-06-10

Last updated on: 2026-06-10

Assigner: GitHub, Inc.

Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, an off-by-one error in the meta encoder could result in an out-of-bounds read of a single byte. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.
Meta Information
Published: 2026-06-10
Last Modified: 2026-06-10
Generated: 2026-06-11
AI Q&A: 2026-06-11
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
imagemagick imagemagick to 6.9.13-47|end_excluding=7.1.2-22 (exc)
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
CWE-193 A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
Executive Summary

This vulnerability exists in ImageMagick, free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, there was an off-by-one error in the meta encoder component. This error could cause an out-of-bounds read of a single byte in the meta encoder, potentially leading to unexpected behavior or information disclosure.

Impact Analysis

The vulnerability can lead to an out-of-bounds read of a single byte, which may result in limited information disclosure. According to the CVSS score of 5.3, the impact is considered moderate with a low attack complexity and no privileges or user interaction required. The confidentiality impact is low, while integrity and availability are not affected.

Mitigation Strategies

To mitigate this vulnerability, update ImageMagick to version 6.9.13-47 or later, or version 7.1.2-22 or later, where the issue has been patched.
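
To check whether an installed build predates the fixed releases named above, the version banner can be compared per branch. This is an added example, not code from this advisory or from the ImageMagick project; the function names are hypothetical, and treating anything older than the 6.x branch as affected (and anything newer than 7.x as fixed) is an assumption.

```python
import re
import sys

# Fixed releases per branch, taken from the advisory text above.
FIXED = {6: (6, 9, 13, 47), 7: (7, 1, 2, 22)}

# Matches the "ImageMagick X.Y.Z-P" token printed by `magick -version`
# (7.x) or `convert -version` (6.x). The patch suffix is optional.
_BANNER = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)(?:-(\d+))?")


def parse_version(banner):
    """Return (major, minor, micro, patch) parsed from a version banner."""
    match = _BANNER.search(banner)
    if match is None:
        raise ValueError("no ImageMagick version found in banner")
    return tuple(int(g) if g is not None else 0 for g in match.groups())


def is_affected(banner):
    """True if the banner reports a release older than the fix for its branch."""
    version = parse_version(banner)
    major = version[0]
    if major > 7:
        # Assumption: major branches after 7.x already carry the fix.
        return False
    # Assumption: releases older than 6.x are compared against the 6.x fix.
    fixed = FIXED[7] if major == 7 else FIXED[6]
    return version < fixed


if __name__ == "__main__":
    # Usage: magick -version | python check_imagemagick.py
    affected = is_affected(sys.stdin.read())
    print("affected: upgrade required" if affected else "not affected")
    sys.exit(1 if affected else 0)
```

The non-zero exit status on an affected build lets the check gate a CI job or a configuration-management run.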
