CVE-2026-46692
Received - Intake
Heap Buffer Overflow in ImageMagick

Publication date: 2026-06-10

Last updated on: 2026-06-10

Assigner: GitHub, Inc.

Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-write in the server process. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.
Meta Information
Published: 2026-06-10
Last Modified: 2026-06-10
Generated: 2026-06-11
AI Q&A: 2026-06-11
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor | Product | Version / Range
imagemagick | imagemagick | up to 6.9.13-48 (exclusive)
imagemagick | imagemagick | up to 7.1.2-23 (exclusive)
CWE ID | Description
CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Executive Summary

This vulnerability exists in ImageMagick, free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-write in the server process.

A heap buffer over-write is a type of memory corruption that can lead to unexpected behavior or crashes in the software.

This issue has been fixed in versions 6.9.13-48 and 7.1.2-23.

Impact Analysis

The vulnerability can cause a heap buffer over-write in the ImageMagick server process if an attacker is able to connect to the magick -distribute-cache service.

This may lead to instability or crashes of the ImageMagick service, potentially resulting in denial of service.

The CVSS score indicates a moderate impact with a Base Score of 4.1, primarily affecting availability (A:H) but not confidentiality or integrity.

Mitigation Strategies

To mitigate this vulnerability, update ImageMagick to version 6.9.13-48 or later, or version 7.1.2-23 or later, where the issue has been patched.
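
As an added example (not part of the advisory or of ImageMagick), the check below classifies installed versions against the two fixed releases named above. It assumes the input is the "Version: ImageMagick X.Y.Z-N ..." banner line printed by `magick -version`; the function names and sample banners are constructed for illustration.

```python
import re

# Fixed releases named in the advisory, keyed by major version line.
FIXED = {6: (6, 9, 13, 48), 7: (7, 1, 2, 23)}

# Matches the "ImageMagick X.Y.Z-N" token in a version banner.
_VERSION_RE = re.compile(r"ImageMagick (\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(banner):
    """Return (major, minor, patch, revision) as ints, or None if absent."""
    match = _VERSION_RE.search(banner)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(banner):
    """Return 'affected', 'patched' or 'unknown' for one version banner."""
    version = parse_version(banner)
    if version is None or version[0] not in FIXED:
        return "unknown"
    # Compare against the fix for the same major line only: 6.9.13-48 is
    # patched even though it sorts below 7.1.2-23. Integer tuples also avoid
    # the string-compare trap where "7.1.2-9" looks newer than "7.1.2-23".
    return "patched" if version >= FIXED[version[0]] else "affected"


# Constructed sample banners (not captured from real hosts).
SAMPLES = [
    "Version: ImageMagick 7.1.1-15 Q16-HDRI x86_64",
    "Version: ImageMagick 7.1.2-9 Q16-HDRI x86_64",
    "Version: ImageMagick 7.1.2-23 Q16-HDRI x86_64",
    "Version: ImageMagick 6.9.13-48 Q16 x86_64",
    "Version: ImageMagick 6.9.12-98 Q16 x86_64",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(classify(banner), "-", banner)
```

Distribution packages that backport the fix without changing the upstream version string will still be reported as affected by this check.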
