PatchSiren cyber security CVE debrief
CVE-2026-53461 ImageMagick CVE debrief
CVE-2026-53461 is a HIGH severity vulnerability in ImageMagick, free and open-source software for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, an incorrect loop in the ICON decoder can cause an out-of-bounds heap write, resulting in a crash. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.
- Vendor: ImageMagick
- Product: Unknown
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-10
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-10
- Advisory updated: 2026-06-11
Who should care
Users of ImageMagick versions prior to 6.9.13-50 and 7.1.2-25 should apply the patches to prevent a potential crash caused by an out-of-bounds heap write.
Technical summary
The vulnerability is caused by an incorrect loop in the ICON decoder of ImageMagick, leading to an out-of-bounds heap write. This can result in a crash. The issue has been patched in versions 6.9.13-50 and 7.1.2-25.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches: Upgrade to ImageMagick versions 6.9.13-50 or 7.1.2-25 or later.
- Workaround: None mentioned.
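To check an installed copy against the fixed releases named above, the following added example (not code from ImageMagick or from this advisory) parses the banner printed by `magick -version` and compares it numerically per release line. It assumes 6.x installs are judged against 6.9.13-50 and 7.x installs against 7.1.2-25; the sample banners are constructed.

```python
import re
import sys

# Fixed releases stated in the advisory, keyed by major release line.
# Assumption: every 6.x build is compared with the 6.9 fix, every 7.x with the 7.1 fix.
FIXED = {6: (6, 9, 13, 50), 7: (7, 1, 2, 25)}

_VERSION_RE = re.compile(r"ImageMagick (\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(banner):
    """Extract (major, minor, patch, build) from `magick -version` output."""
    match = _VERSION_RE.search(banner)
    if match is None:
        raise ValueError("no ImageMagick version found in banner")
    return tuple(int(group) for group in match.groups())


def needs_upgrade(banner):
    """Return True if the reported version predates the fixed release."""
    version = parse_version(banner)
    fixed = FIXED.get(version[0])
    if fixed is None:
        raise ValueError(f"release line {version[0]}.x is not covered by the advisory")
    # Integer tuples compare field by field, so build 9 sorts before build 25
    # (a plain string comparison would get this wrong).
    return version < fixed


# Constructed sample banners, shaped like the first line of `magick -version`.
SAMPLES = [
    "Version: ImageMagick 7.1.2-9 Q16-HDRI x86_64 https://imagemagick.org",
    "Version: ImageMagick 7.1.2-25 Q16-HDRI x86_64 https://imagemagick.org",
    "Version: ImageMagick 6.9.13-5 Q16 x86_64 https://legacy.imagemagick.org",
]

if __name__ == "__main__":
    # Usage: magick -version | python check_im.py   (falls back to the samples)
    piped = [] if sys.stdin.isatty() else [l for l in sys.stdin if "ImageMagick" in l][:1]
    for line in piped or SAMPLES:
        verdict = "UPGRADE" if needs_upgrade(line) else "ok"
        print(f"{verdict:8} {line.strip()}")
```

Distribution packages that backport fixes keep the upstream version string, so confirm a flagged host against the package changelog before treating the result as final.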
Evidence notes
CVE-2026-53461 has a CVSS score of 7.5 and is considered HIGH severity. The vulnerability was published on [cve-org] and additional details can be found on [nvd].
Official resources
- CVE-2026-53461 CVE record (CVE.org)
- CVE-2026-53461 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference ([email protected] - Vendor Advisory)
CVE-2026-53461 was published on 2026-06-10T23:16:50.430Z and modified on 2026-06-11T18:44:16.170Z.