CVE-2026-48994
Undergoing Analysis - In Progress
Heap Buffer Overwrite in ImageMagick

Publication date: 2026-06-10

Last updated on: 2026-06-11

Assigner: GitHub, Inc.

Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check of a return value could lead to a heap buffer over-write in the MAT decoder on 32-bit systems. This issue has been patched in versions 6.9.13-48 and 7.1.2-24.
Meta Information
Published: 2026-06-10
Last Modified: 2026-06-11
Generated: 2026-06-11
AI Q&A: 2026-06-11
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor | Product | Version / Range
imagemagick | imagemagick | up to 6.9.13-48 (excluding); up to 7.1.2-24 (excluding)
CWE ID | Description
CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Executive Summary

This vulnerability exists in ImageMagick, free and open-source software used for editing and manipulating digital images. Before versions 6.9.13-48 and 7.1.2-24, the MAT decoder was missing a check of a return value, which on 32-bit systems could lead to a heap buffer over-write, a type of memory corruption.

Impact Analysis

The vulnerability can cause a heap buffer over-write, which may lead to application crashes or potentially allow an attacker to execute arbitrary code or cause denial of service. The CVSS score of 5.9 indicates a moderate severity with a high impact on availability but no direct impact on confidentiality or integrity.

Mitigation Strategies

To mitigate this vulnerability, you should update ImageMagick to version 6.9.13-48 or later, or version 7.1.2-24 or later, where the issue has been patched.
