PatchSiren cyber security CVE debrief
CVE-2026-45624 ImageMagick CVE debrief
CVE-2026-45624 is a medium-severity vulnerability in ImageMagick, free and open-source software for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, performing a polynomial distortion with specific arguments can cause an out-of-bounds over-read of 24 bytes. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.
- Vendor: ImageMagick
- Product: Unknown
- CVSS: MEDIUM 5.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-10
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-10
- Advisory updated: 2026-06-11
Who should care
Users of ImageMagick, particularly those who process images from untrusted sources, should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is an out-of-bounds over-read that occurs when a polynomial distortion is performed with specific arguments. It is rated medium severity, with a CVSS score of 5.1.
Defensive priority
MEDIUM
Recommended defensive actions
- Update to ImageMagick version 6.9.13-47 or 7.1.2-22 or later.
- Use the official vendor advisory for mitigation guidance: [ref-4](https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pfvh-m9xv-8966)
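One way to check a host against the fixed releases named above (an added example, not code from the advisory or from ImageMagick). It assumes the upstream version string printed by `magick -version` or `convert -version`; the function names and the sample versions are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): compare an ImageMagick version with
# the fixed releases this page names, 6.9.13-47 and 7.1.2-22.

# Pull the upstream version out of `magick -version` / `convert -version`
# output, whose first line looks like "Version: ImageMagick 7.1.1-43 Q16 ...".
im_extract() {
    awk '/^Version: ImageMagick / { print $3; exit }'
}

# Print "patched", "vulnerable" or "unknown" for a version such as 7.1.2-21.
im_status() {
    printf '%s\n' "$1" | awk -F'[.-]' '
        !/^[0-9]+\.[0-9]+\.[0-9]+-[0-9]+$/ { print "unknown"; exit }
        {
            if ($1 == 6)      split("6.9.13-47", fix, /[.-]/)
            else if ($1 == 7) split("7.1.2-22", fix, /[.-]/)
            else { print "unknown"; exit }   # branch the page does not cover
            for (i = 1; i <= 4; i++) {       # numeric, field-by-field compare
                if ($i + 0 > fix[i] + 0) { print "patched"; exit }
                if ($i + 0 < fix[i] + 0) { print "vulnerable"; exit }
            }
            print "patched"                  # exactly the fixed release
        }'
}

# Check whichever CLI is on PATH: `magick` (7.x) or `convert` (6.x).
im_check_installed() {
    for tool in magick convert; do
        if command -v "$tool" >/dev/null 2>&1; then
            v=$("$tool" -version 2>/dev/null | im_extract)
            echo "$tool: ${v:-?} -> $(im_status "$v")"
            return 0
        fi
    done
    echo "ImageMagick CLI not found on PATH"
}

# Constructed sample values, then the local install.
for v in 6.9.12-98 6.9.13-47 7.1.2-9 7.1.2-22 7.1.3-0; do
    echo "$v -> $(im_status "$v")"
done
im_check_installed
```

Distribution packages that backport fixes keep an older upstream version string, so a "vulnerable" result on a packaged install should be confirmed against the package changelog.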
Evidence notes
The CVE record [cve-org] and NVD detail [nvd] provide additional information on this vulnerability.
Official resources
- CVE-2026-45624 CVE record: CVE.org
- CVE-2026-45624 NVD detail: NVD
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Vendor Advisory
CVE-2026-45624 was published on 2026-06-10T22:16:58.723Z and modified on 2026-06-11T18:41:43.880Z.