CVE-2026-46557
Stack Overflow in ImageMagick via fx Operation

Publication date: 2026-06-10

Last updated on: 2026-06-10

Assigner: GitHub, Inc.

Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-23, due to a missing depth check, a stack overflow can occur in the fx operation when a crafted argument is passed. This issue has been patched in version 7.1.2-23.
Meta Information
Published: 2026-06-10
Last Modified: 2026-06-10
Generated: 2026-06-11
AI Q&A: 2026-06-11
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: imagemagick
Product: imagemagick
Version / Range: up to 7.1.2-23 (exclusive)
CWE
CWE-674: The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
Executive Summary

This vulnerability exists in ImageMagick, free and open-source software for editing and manipulating digital images. Before version 7.1.2-23, a missing depth check in the fx operation allows a crafted argument to cause a stack overflow.

Impact Analysis

The vulnerability can lead to a stack overflow, which may cause the application to crash or behave unexpectedly. According to the CVSS score, it has a high impact on availability but does not affect confidentiality or integrity.

Mitigation Strategies

To mitigate this vulnerability, you should update ImageMagick to version 7.1.2-23 or later, where the issue has been patched.
