CVE-2026-53467
Status: Undergoing Analysis (In Progress)

Heap Information Disclosure in ImageMagick

Publication date: 2026-07-01

Last updated on: 2026-07-01

Assigner: GitHub, Inc.

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, the MNG decoder contains a possible heap information disclosure vulnerability because part of the pixels are left unchanged. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.

Meta Information

Published: 2026-07-01
Last Modified: 2026-07-01
Generated: 2026-07-02
AI Q&A: 2026-07-01
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 1 associated CPE

Vendor | Product | Version / Range
image_magick | image_magick | up to 6.9.13-51 (excluding); up to 7.1.2-26 (excluding)

Exploitability

CWE
CWE ID | Description
CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-908 | The product uses or accesses a resource that has not been initialized.

Executive Summary

CVE-2026-53467 is an information disclosure vulnerability in the MNG decoder of ImageMagick, software used for editing and manipulating digital images.

The issue arises because the decoder leaves part of the pixels in allocated memory unchanged during processing, so those pixels keep the previous heap contents and can leak sensitive data.

This vulnerability affects ImageMagick versions prior to 6.9.13-51 and 7.1.2-26 and has been fixed in those versions.

Impact Analysis

This vulnerability can impact you by exposing sensitive information through leaked pixel data in images processed by vulnerable versions of ImageMagick.

The attack can be performed remotely over a network without requiring privileges or user interaction.

The primary impact is on confidentiality, meaning that sensitive data could be disclosed, while integrity and availability are not significantly affected.

Detection Guidance

This vulnerability affects ImageMagick versions prior to 6.9.13-51 and 7.1.2-26. To detect if your system is vulnerable, you should first identify the installed ImageMagick version.

  • Run the command `magick -version` or `convert -version` to check the installed ImageMagick version.
  • If the version is older than 6.9.13-51 (on the 6.x branch) or older than 7.1.2-26 (on the 7.x branch), your system is vulnerable.
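
The version check above has to be done per branch and field by field as numbers: 6.9.13-51 is a fixed release even though it sorts below 7.1.2-26, and 6.9.9-x is older than 6.9.13-x. The script below is an added example, not code from ImageMagick or this advisory; the function names are hypothetical and the `SAMPLE` line is constructed to resemble `magick -version` output.

```shell
#!/bin/sh
# Added example (not ImageMagick project code). Fixed releases per this advisory:
# 6.9.13-51 on the 6.x branch, 7.1.2-26 on the 7.x branch.

# Pull "A.B.C-D" out of the "Version:" line of `magick -version` output.
im_extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^Version: ImageMagick \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*-[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Exit 0 if $1 < $2, 1 if $1 >= $2, 2 if either is not A.B.C-D with numeric fields.
# Runs in a subshell so the IFS and noglob changes do not leak to the caller.
im_version_lt() (
    set -f
    IFS='.-'
    set -- $1 $2
    [ "$#" -eq 8 ] || exit 2
    for f in "$@"; do
        case $f in ''|*[!0-9]*) exit 2 ;; esac
    done
    if [ "$1" -ne "$5" ]; then [ "$1" -lt "$5" ]; exit; fi
    if [ "$2" -ne "$6" ]; then [ "$2" -lt "$6" ]; exit; fi
    if [ "$3" -ne "$7" ]; then [ "$3" -lt "$7" ]; exit; fi
    [ "$4" -lt "$8" ]
)

# Print "vulnerable", "fixed" or "unknown" for one version string.
im_status() {
    case "$1" in
        6.*) fixed="6.9.13-51" ;;
        7.*) fixed="7.1.2-26" ;;
        *)   echo unknown; return 0 ;;
    esac
    rc=0
    im_version_lt "$1" "$fixed" || rc=$?
    case $rc in
        0) echo vulnerable ;;
        1) echo fixed ;;
        *) echo unknown ;;
    esac
}

# Constructed sample; on a live host use: SAMPLE=$(magick -version)
SAMPLE='Version: ImageMagick 7.1.1-43 Q16-HDRI x86_64 22550 https://imagemagick.org'
ver=$(im_extract_version "$SAMPLE")
echo "$ver: $(im_status "$ver")"
```

Distribution packages often backport fixes without changing the upstream version string, so treat a "vulnerable" result on a packaged build as a prompt to check the vendor's advisory.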

Since the vulnerability is network-based and involves the MNG decoder, monitoring network traffic for suspicious MNG image files being processed could help detect exploitation attempts, but no specific detection commands are provided.

Mitigation Strategies

The primary mitigation step is to upgrade ImageMagick to a fixed version.

  • Update ImageMagick to version 6.9.13-51 or later, or 7.1.2-26 or later, where the vulnerability has been patched.

Until the update can be applied, consider restricting network access to services that use ImageMagick to reduce exposure to remote attacks.

Compliance Impact

This vulnerability in ImageMagick's MNG decoder can lead to information disclosure by leaking parts of pixel data, potentially exposing sensitive information.

Such information disclosure issues can impact compliance with data protection standards and regulations like GDPR and HIPAA, which require safeguarding the confidentiality of personal and sensitive data.

If exploited, this vulnerability could result in unauthorized access to confidential data, thereby violating these compliance requirements.

However, the vulnerability has been fixed in versions 6.9.13-51 and 7.1.2-26, so using these or later versions mitigates the compliance risk.