PatchSiren cyber security CVE debrief
CVE-2026-42326 ImageMagick CVE debrief
CVE-2026-42326 is a medium-severity vulnerability in ImageMagick, free and open-source software for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when writing an IPTC output file, a malicious input file could cause an out-of-bounds read of a single byte. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.
- Vendor: ImageMagick
- Product: Unknown
- CVSS: MEDIUM 5.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-10
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-10
- Advisory updated: 2026-06-11
Who should care
Users of ImageMagick, particularly those who write IPTC output from input files they do not control, should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is caused by an out-of-bounds read of a single byte when writing an IPTC output file. This can be exploited by a malicious input file.
Defensive priority
Medium
Recommended defensive actions
- Update to ImageMagick version 6.9.13-47 or 7.1.2-22 or later.
- Be cautious when writing IPTC output from input files that come from untrusted sources.
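A version check for the first recommendation, as an added example that is not part of the original advisory or ImageMagick's own tooling: it parses the `Version:` line printed by `magick -version` (or `convert -version` on 6.x) and compares it with the fixed release of its branch. The hostnames and banners are constructed, and treating major versions above 7 as patched is an assumption.

```python
import re

# First fixed release on each branch, as stated in the advisory.
FIXED = {6: (6, 9, 13, 47), 7: (7, 1, 2, 22)}

_VERSION_RE = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)(?:-(\d+))?")


def parse_version(banner):
    """Extract (major, minor, patch, release) from version banner text."""
    m = _VERSION_RE.search(banner)
    if m is None:
        raise ValueError("no ImageMagick version string found")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def is_patched(banner):
    """True if the version is at or above the fixed release of its branch."""
    version = parse_version(banner)
    fixed = FIXED.get(version[0])
    if fixed is None:
        # Assumption: majors below 6 predate both fixes, majors above 7 include them.
        return version[0] > max(FIXED)
    # Tuple comparison is numeric per field, so 7.1.10-1 ranks above 7.1.2-22.
    return version >= fixed


def triage(inventory):
    """Map host -> 'patched' / 'vulnerable' / 'unknown' from collected banners."""
    result = {}
    for host, banner in inventory.items():
        try:
            result[host] = "patched" if is_patched(banner) else "vulnerable"
        except ValueError:
            result[host] = "unknown"
    return result


# Constructed sample inventory (hostnames and banners are made up).
SAMPLE = {
    "img-worker-1": "Version: ImageMagick 7.1.2-22 Q16-HDRI x86_64 https://imagemagick.org",
    "img-worker-2": "Version: ImageMagick 7.1.2-21 Q16-HDRI x86_64 https://imagemagick.org",
    "legacy-cms": "Version: ImageMagick 6.9.13-46 Q16 x86_64 https://imagemagick.org",
    "thumbs-old": "Version: ImageMagick 6.9.13-47 Q16 x86_64 https://imagemagick.org",
    "build-box": "sh: magick: command not found",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Distribution packages sometimes backport fixes without changing the upstream version number, so a "vulnerable" result on a distro build should be confirmed against that distribution's security tracker.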
Evidence notes
The vulnerability is documented in the CVE record [cve-org] and the NVD detail page [nvd]. A vendor advisory is available at [ref-4].
Official resources
- CVE-2026-42326 CVE record (CVE.org)
- CVE-2026-42326 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference ([email protected] - Vendor Advisory)
CVE-2026-42326 was published on 2026-06-10T22:16:57.250Z and modified on 2026-06-11T18:41:23.033Z.