PatchSiren cyber security CVE debrief
CVE-2026-46520 ImageMagick CVE debrief
CVE-2026-46520 is a HIGH severity vulnerability in ImageMagick, free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an out-of-bounds heap write can occur when reading multiple images with different dimensions. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.
- Vendor: ImageMagick
- Product: Unknown
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-10
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-10
- Advisory updated: 2026-06-11
Who should care
Users of ImageMagick, especially those who process multiple images with different dimensions, should upgrade to version 6.9.13-48 or 7.1.2-23 to prevent potential out-of-bounds heap writes.
Technical summary
The vulnerability occurs when ImageMagick reads multiple images with different dimensions, which can result in an out-of-bounds heap write. The CVSS score for this vulnerability is 7.5, indicating a HIGH severity level.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade to ImageMagick version 6.9.13-48 or 7.1.2-23 or later.
- Review and update any dependent software or systems that utilize ImageMagick.
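To support the upgrade action above, the following added example (not taken from the vendor advisory or from ImageMagick) classifies a version string against the two fixed releases named in this debrief. It assumes the usual `Version: ImageMagick X.Y.Z-P ...` banner format; the function names and sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): flag ImageMagick versions that
# predate the fixed releases named in this debrief.
FIXED_6="6.9.13-48"   # fixed 6.x release, from the debrief
FIXED_7="7.1.2-23"    # fixed 7.x release, from the debrief

# Pull "X.Y.Z-P" out of a `magick -version` / `convert -version` banner line.
extract_version() {
  printf '%s\n' "$1" |
    sed -n 's/^Version: ImageMagick \([0-9][0-9.]*-[0-9][0-9]*\).*/\1/p' |
    head -n 1
}

# Return 0 when version $1 is older than version $2. Fields are compared
# numerically, so 7.1.10-0 sorts after 7.1.2-23 (a string compare would not).
version_lt() {
  old_ifs=$IFS; IFS='.-'
  set -- $1 $2          # split both versions into 4 + 4 numeric fields
  IFS=$old_ifs
  [ "$#" -eq 8 ] || return 2
  for pair in "$1:$5" "$2:$6" "$3:$7" "$4:$8"; do
    a=${pair%%:*}; b=${pair##*:}
    [ "$a" -lt "$b" ] && return 0
    [ "$a" -gt "$b" ] && return 1
  done
  return 1              # equal versions are not "older"
}

# Print vulnerable, patched or unknown for a bare version string.
check_version() {
  printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+-[0-9]+$' ||
    { echo unknown; return 0; }
  case "$1" in
    6.*) fixed=$FIXED_6 ;;
    7.*) fixed=$FIXED_7 ;;
    *)   echo unknown; return 0 ;;
  esac
  if version_lt "$1" "$fixed"; then echo vulnerable; else echo patched; fi
}

# Constructed sample banners (not real host output).
for banner in \
  "Version: ImageMagick 6.9.13-47 Q16 x86_64 https://imagemagick.org" \
  "Version: ImageMagick 7.1.10-0 Q16-HDRI x86_64 https://imagemagick.org"
do
  v=$(extract_version "$banner")
  echo "$v: $(check_version "$v")"
done
```

On a host, pass the first line of `magick -version` (or `convert -version` on 6.x installs) to `extract_version`. Distribution packages that backport fixes can report an older upstream version, so confirm a "vulnerable" result against the package changelog.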
Evidence notes
The vulnerability was patched in versions 6.9.13-48 and 7.1.2-23. Users can refer to the vendor advisory at [ref-4] for more information.
Official resources
- CVE-2026-46520 CVE record: CVE.org
- CVE-2026-46520 NVD detail: NVD
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Vendor Advisory
CVE-2026-46520 was published on 2026-06-10T22:16:59.193Z and modified on 2026-06-11T18:41:51.983Z.