CVE-2026-46557
Analyzed - Analysis Complete

Stack Overflow in ImageMagick via fx Operation

Publication date: 2026-06-10

Last updated on: 2026-06-11

Assigner: GitHub, Inc.

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-23, due to a missing depth check, a stack overflow can occur in the fx operation when a crafted argument is passed. This issue has been patched in version 7.1.2-23.

Meta Information

Published: 2026-06-10
Last Modified: 2026-06-11
Generated: 2026-07-01
AI Q&A: 2026-06-11
EPSS Evaluated: 2026-06-30

Affected Vendors & Products

Vendor | Product | Version / Range
imagemagick | imagemagick | to 7.1.2-23 (exc)

Exploitability

CWE ID | Description
CWE-674 | The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability exists in ImageMagick, free and open-source software for editing and manipulating digital images. Before version 7.1.2-23, a missing depth check in the fx operation allows a crafted argument to cause a stack overflow.

Impact Analysis

The vulnerability can lead to a stack overflow, which may cause the application to crash or behave unexpectedly. According to the CVSS score, it has a high impact on availability but does not affect confidentiality or integrity.

Mitigation Strategies

To mitigate this vulnerability, you should update ImageMagick to version 7.1.2-23 or later, where the issue has been patched.

Detection Guidance

This vulnerability affects ImageMagick versions prior to 7.1.2-23 and involves a stack overflow in the fx operation when processing crafted arguments. Detection involves verifying the installed ImageMagick version to determine if it is vulnerable.

To detect if your system is vulnerable, check the ImageMagick version installed using the following command:

  • magick --version

If the version is earlier than 7.1.2-23, your system is vulnerable to this issue.

Since the vulnerability requires local access and is triggered by the fx operation with crafted arguments, monitoring for crashes or denial of service related to ImageMagick processes may also indicate exploitation attempts.
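
The version check above, scripted as an added example (not part of the advisory or of ImageMagick): it parses the first line of `magick --version` output and compares it field by field, numerically, with the fixed release 7.1.2-23. The function names are hypothetical, and a distribution package that backports the fix may still report an older version string.

```shell
#!/bin/sh
# Added example: fixed release taken from the advisory text above.
FIXED="7.1.2-23"

# Extract "X.Y.Z-P" from `magick --version` output, whose first line looks like
# "Version: ImageMagick 7.1.1-47 Q16-HDRI x86_64 ..." (prints nothing if absent).
im_parse_version() {
    printf '%s\n' "$1" |
        sed -n 's/^Version: ImageMagick \([0-9][0-9.]*-[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Return 0 if version $1 is strictly earlier than version $2.
# Fields are compared as numbers, so 7.1.2-3 sorts before 7.1.2-23.
im_version_lt() {
    a=$(printf '%s' "$1" | sed 's/[.-]/ /g')
    b=$(printf '%s' "$2" | sed 's/[.-]/ /g')
    set -- $a; a1=${1:-0}; a2=${2:-0}; a3=${3:-0}; a4=${4:-0}
    set -- $b; b1=${1:-0}; b2=${2:-0}; b3=${3:-0}; b4=${4:-0}
    for pair in "$a1:$b1" "$a2:$b2" "$a3:$b3" "$a4:$b4"; do
        x=${pair%%:*}; y=${pair##*:}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1   # equal versions are not "earlier"
}

# Classify version output: 0 = earlier than FIXED (vulnerable),
# 1 = FIXED or later, 2 = version line could not be parsed.
im_check() {
    v=$(im_parse_version "$1")
    [ -n "$v" ] || return 2
    if im_version_lt "$v" "$FIXED"; then return 0; fi
    return 1
}

# Check the local install only when the magick binary is on PATH.
if command -v magick >/dev/null 2>&1; then
    out=$(magick --version 2>/dev/null)
    rc=0; im_check "$out" || rc=$?
    case $rc in
        0) echo "VULNERABLE: $(im_parse_version "$out") is earlier than $FIXED" ;;
        1) echo "OK: $(im_parse_version "$out") is $FIXED or later" ;;
        *) echo "UNKNOWN: could not parse magick --version output" ;;
    esac
fi
```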
