PatchSiren cyber security CVE debrief
CVE-2026-46557 ImageMagick CVE debrief
CVE-2026-46557 is a stack overflow vulnerability in ImageMagick, free and open-source software for editing and manipulating digital images. Prior to version 7.1.2-23, a missing depth check in the fx operation allows an attacker to pass a crafted argument, potentially leading to a stack overflow. This issue has been patched in version 7.1.2-23.
- Vendor: ImageMagick
- Product: Unknown
- CVSS: MEDIUM 6.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-10
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-10
- Advisory updated: 2026-06-11
Who should care
Users of ImageMagick, particularly those who process untrusted images or use the fx operation, should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is caused by a missing depth check in the fx operation of ImageMagick. This allows an attacker to pass a crafted argument, potentially leading to a stack overflow. The CVSS score for this vulnerability is 6.2, with a severity rating of MEDIUM.
Defensive priority
MEDIUM
Recommended defensive actions
- Update ImageMagick to version 7.1.2-23 or later.
- Avoid processing untrusted images with ImageMagick.
- Use the fx operation with caution and validate user input.
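An added example, not taken from the advisory or from the ImageMagick project: a check that parses the `Version:` line printed by `magick -version` and classifies the build against the fixed release 7.1.2-23. The sample banners are constructed, and treating 6.x builds as "unknown" is an assumption made here because the page names only the 7.x fixed release.

```python
import re
import shutil
import subprocess

FIXED = (7, 1, 2, 23)  # first patched release named in the advisory: 7.1.2-23
VERSION_RE = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)-(\d+)")

# Constructed sample banners in the format printed by `magick -version`.
SAMPLES = [
    "Version: ImageMagick 7.1.2-22 Q16-HDRI x86_64 https://imagemagick.org",
    "Version: ImageMagick 7.1.2-23 Q16-HDRI x86_64 https://imagemagick.org",
    "Version: ImageMagick 7.1.10-1 Q16 aarch64 https://imagemagick.org",
    "Version: ImageMagick 6.9.13-10 Q16 x86_64 https://legacy.imagemagick.org",
]


def parse_version(banner):
    """Return (major, minor, micro, patch) as ints, or None if not found."""
    m = VERSION_RE.search(banner)
    return tuple(int(g) for g in m.groups()) if m else None


def status(banner):
    """Classify a version banner as 'affected', 'patched' or 'unknown'."""
    v = parse_version(banner)
    if v is None or v[0] != 7:
        # Assumption: the page gives no fixed version for other branches.
        return "unknown"
    # Integer tuples compare numerically, so 7.1.10 sorts after 7.1.2.
    return "affected" if v < FIXED else "patched"


def installed_banner():
    """Return the local `-version` output, or None if no binary is on PATH."""
    for exe in ("magick", "identify"):  # `identify` covers legacy installs
        path = shutil.which(exe)
        if path:
            try:
                return subprocess.run([path, "-version"], capture_output=True,
                                      text=True, timeout=10).stdout
            except (OSError, subprocess.TimeoutExpired):
                continue
    return None


if __name__ == "__main__":
    for line in SAMPLES:
        print(status(line), "<-", line)
    local = installed_banner()
    print("local install:", status(local) if local else "not found")
```

Distribution packages may backport the fix without changing the upstream version string, so an "affected" result on a distro build should be confirmed against the distributor's own advisory.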
Evidence notes
The vulnerability was patched in version 7.1.2-23 of ImageMagick. The CVE record and NVD detail pages provide additional information about the vulnerability.
Official resources
- CVE-2026-46557 CVE record (CVE.org)
- CVE-2026-46557 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference ([email protected] - Vendor Advisory)
CVE-2026-46557 was published on 2026-06-10T23:16:47.037Z and modified on 2026-06-11T18:42:12.863Z.