CVE-2026-55597
Undergoing Analysis - In Progress

Heap Buffer Overflow in ImageMagick

Vulnerability report for CVE-2026-55597, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-01

Last updated on: 2026-07-01

Assigner: GitHub, Inc.

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-26, incorrect handling of arguments can cause a heap buffer over-write in the JP2 encoder. This issue has been fixed in version 7.1.2-26.

CVSS Scores

EPSS Scores


Meta Information

Published
2026-07-01
Last Modified
2026-07-01
Generated
2026-07-02
AI Q&A
2026-07-01
EPSS Evaluated
N/A

Affected Vendors & Products

Showing 1 associated CPE

Vendor         Product        Version / Range
image_magick   image_magick   up to 7.1.2-26 (exclusive)

Helpful Resources

Exploitability

CWE ID    Description
CWE-787   The product writes data past the end, or before the beginning, of the intended buffer.
CWE-682   The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

Attack-Flow Graph

Executive Summary

This vulnerability is a heap buffer over-write issue in the JP2 encoder of ImageMagick, caused by incorrect handling of arguments. It affects versions prior to 7.1.2-26. The problem arises from incorrect calculation and out-of-bounds write errors, which can lead to memory corruption.

Impact Analysis

The vulnerability has a high impact on availability. Exploiting it requires local access, low attack complexity, no privileges, and user interaction. In practice, it can crash the affected application or make it behave unpredictably, leading to denial of service.

Detection Guidance

This vulnerability is a heap buffer over-write in the JP2 encoder of ImageMagick caused by incorrect handling of arguments. Detection typically involves checking the installed ImageMagick version to determine whether it is older than the patched version, 7.1.2-26.

You can check the installed ImageMagick version by running the following command on your system:

  • magick -version

If the version is older than 7.1.2-26, your system is vulnerable. Since exploitation requires local access and user interaction, monitoring for suspicious use of the JP2 encoder, or for malformed JP2 files that trigger crashes, may also aid detection.
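The version check above is easy to get wrong when scripted: a plain string comparison ranks "7.1.2-9" after "7.1.2-26". The following script is an added example, not part of the CVE record or of ImageMagick, that splits the version into its four numeric fields and compares them one at a time against 7.1.2-26. Only the `magick -version` command comes from the page; the banner format "Version: ImageMagick <version> ..." and the sed pattern that extracts it are assumptions about the tool's output.

```shell
#!/bin/sh
# Added example (not from the CVE record): decide whether an installed
# ImageMagick is older than 7.1.2-26, the fixed release named in the
# description. Only `magick -version` comes from the page; the banner
# format "Version: ImageMagick <version> ..." and its parsing are
# assumptions about the tool's output.

FIXED_VERSION="7.1.2-26"

# version_is_older A B
# Exit 0 if version A sorts before B, comparing the four numeric fields of
# "major.minor.micro-patch" one at a time; a missing field counts as 0, so
# "7.1.2" is treated as older than "7.1.2-26". Plain string comparison
# would rank "7.1.2-9" after "7.1.2-26", hence the numeric split.
version_is_older() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "[.-]"); m = split(b, y, "[.-]")
    for (i = 1; i <= 4; i++) {
      p = (i <= n) ? x[i] + 0 : 0
      q = (i <= m) ? y[i] + 0 : 0
      if (p < q) exit 0
      if (p > q) exit 1
    }
    exit 1   # all fields equal: not older
  }'
}

# classify_version VERSION -> prints "vulnerable" or "fixed" relative to
# FIXED_VERSION.
classify_version() {
  if version_is_older "$1" "$FIXED_VERSION"; then
    echo vulnerable
  else
    echo fixed
  fi
}

# installed_version -> prints the version reported by `magick -version`, or
# nothing when the binary is absent. The sed pattern assumes a first line
# such as "Version: ImageMagick 7.1.1-47 Q16-HDRI x86_64 ..." (assumed format).
installed_version() {
  magick -version 2>/dev/null \
    | sed -n 's/^Version: ImageMagick \([0-9][0-9.-]*\).*/\1/p' \
    | head -n 1
}

# main: report the installed version and its status; always returns 0 so the
# script can be sourced for its functions without aborting the caller.
main() {
  v=$(installed_version)
  if [ -z "$v" ]; then
    echo "ImageMagick not found (magick not on PATH); nothing to check"
    return 0
  fi
  echo "installed: $v  fixed: $FIXED_VERSION  status: $(classify_version "$v")"
}

main
```

Run it as `sh check_imagemagick.sh` on each host, or source the file and call `classify_version` on version strings collected by an inventory tool. Note that the comparison only applies to the 7.x series the description covers; it says nothing about other branches.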

Mitigation Strategies

The primary mitigation step is to upgrade ImageMagick to version 7.1.2-26 or later, where this vulnerability has been fixed.

Until the upgrade can be applied, restrict local access to systems running vulnerable versions and limit user interaction with the JP2 encoder functionality to reduce the risk of exploitation.
