PatchSiren cyber security CVE debrief
CVE-2026-45031 ImageMagick CVE debrief
CVE-2026-45031 is a vulnerability in ImageMagick, free and open-source software for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, a missing check in the PSD decoder allowed a bypass of the list-length resource policy when decoding PSD images. Other security limits would still apply. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.
- Vendor: ImageMagick
- Product: Unknown
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-10
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-10
- Advisory updated: 2026-06-11
Who should care
Users of ImageMagick, particularly those who handle PSD images, should be aware of this vulnerability and take steps to update to a patched version.
Technical summary
The vulnerability has a CVSS score of 5.3 and a severity of MEDIUM. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L. The weakness is classified as CWE-400 and CWE-770.
Defensive priority
MEDIUM
Recommended defensive actions
- Update to ImageMagick version 6.9.13-47 or 7.1.2-22 or later.
- Review and limit the types of images processed by ImageMagick to reduce exposure.
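To act on the first recommendation across more than one host, the added Python example below (not PatchSiren's or ImageMagick's code) classifies version banners, as printed by `magick -version` or `identify -version`, against the fixed releases named above. The host names, banners and function names are constructed for illustration, and a distribution package that backports the fix under an older version string will show as vulnerable and needs a manual check.

```python
import re

# Fixed releases named in the advisory, keyed by major version.
FIXED = {6: (6, 9, 13, 47), 7: (7, 1, 2, 22)}
_BANNER = re.compile(r"\bImageMagick\s+(\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(banner):
    """Return (major, minor, patch, release) from a version banner, or None."""
    match = _BANNER.search(banner)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(banner):
    """Return 'patched', 'vulnerable' or 'unknown' for one banner."""
    version = parse_version(banner)
    if version is None or version[0] not in FIXED:
        # Not ImageMagick output, or a major line the advisory does not name.
        return "unknown"
    # Tuple comparison orders 7.1.2-9 before 7.1.2-22; string comparison does not.
    return "patched" if version >= FIXED[version[0]] else "vulnerable"


def audit(inventory):
    """Return (status per host, sorted hosts that are not confirmed patched)."""
    status = {host: classify(banner) for host, banner in inventory.items()}
    return status, sorted(h for h, s in status.items() if s != "patched")


# Constructed sample inventory (hypothetical host names and banners).
SAMPLE = {
    "img-01": "Version: ImageMagick 7.1.2-22 Q16-HDRI x86_64 https://imagemagick.org",
    "img-02": "Version: ImageMagick 7.1.2-9 Q16-HDRI x86_64 https://imagemagick.org",
    "img-03": "Version: ImageMagick 6.9.13-47 Q16 x86_64 https://imagemagick.org",
    "img-04": "Version: ImageMagick 6.9.11-60 Q16 x86_64 https://imagemagick.org",
    "img-05": "sh: magick: command not found",
}

if __name__ == "__main__":
    status, todo = audit(SAMPLE)
    for host in sorted(status):
        print(f"{host}: {status[host]}")
    print("needs attention:", ", ".join(todo))
```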
Evidence notes
The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. The vendor advisory is available at [ref-4].
Official resources
- CVE-2026-45031 CVE record (CVE.org)
- CVE-2026-45031 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference ([email protected] - Vendor Advisory)
CVE-2026-45031 was published on 2026-06-10 and modified on 2026-06-11.