PatchSiren cyber security CVE debrief
CVE-2026-45664 ImageMagick CVE debrief
CVE-2026-45664 is a vulnerability in ImageMagick, a free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, a missing check in the MNG coder could allow reading more images than the list limit policy would allow, resulting in excessive resource use. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.
- Vendor
- ImageMagick
- Product
- Unknown
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-10
- Original CVE updated
- 2026-06-11
- Advisory published
- 2026-06-10
- Advisory updated
- 2026-06-11
Who should care
Users of ImageMagick, particularly those who process MNG images, should be aware of this vulnerability and update to the patched versions to prevent potential resource exhaustion attacks.
Technical summary
The vulnerability has a CVSS score of 5.3 and is classified as MEDIUM severity. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L. The weaknesses associated with this vulnerability are CWE-400, CWE-407, and CWE-674.
Defensive priority
MEDIUM
Recommended defensive actions
- Update ImageMagick to version 6.9.13-47 or 7.1.2-22 or later.
- Review and limit the number of images processed by ImageMagick to prevent excessive resource use.
Evidence notes
The vulnerability was published on 2026-06-10T22:16:58.910Z and modified on 2026-06-11T18:41:47.433Z. The CVE record can be found at [cve-org]. The NVD detail can be found at [nvd]. The vendor advisory can be found at [ref-4].
Official resources
-
CVE-2026-45664 CVE record
CVE.org
-
CVE-2026-45664 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
CVE-2026-45664 was published on 2026-06-10T22:16:58.910Z and modified on 2026-06-11T18:41:47.433Z.