Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.4
ImageMagick: Out of bounds read when blurring images
CVE-2026-30935
GHSA-cqw9-w2m7-r2m2
Summary
A bug in ImageMagick's blurring feature can cause it to access memory outside its allowed area. This can potentially lead to data being exposed. Update to the latest version of ImageMagick to fix this issue.
What to do
- Update magick.net-q16-anycpu to version 14.10.4.
- Update magick.net-q16-hdri-anycpu to version 14.10.4.
- Update magick.net-q16-hdri-openmp-arm64 to version 14.10.4.
- Update magick.net-q16-hdri-arm64 to version 14.10.4.
- Update magick.net-q16-hdri-x64 to version 14.10.4.
- Update magick.net-q16-hdri-x86 to version 14.10.4.
- Update magick.net-q16-openmp-arm64 to version 14.10.4.
- Update magick.net-q16-openmp-x64 to version 14.10.4.
- Update magick.net-q16-openmp-x86 to version 14.10.4.
- Update magick.net-q16-arm64 to version 14.10.4.
- Update magick.net-q16-x64 to version 14.10.4.
- Update magick.net-q16-x86 to version 14.10.4.
- Update magick.net-q16-hdri-openmp-x64 to version 14.10.4.
- Update magick.net-q8-anycpu to version 14.10.4.
- Update magick.net-q8-openmp-arm64 to version 14.10.4.
- Update magick.net-q8-openmp-x64 to version 14.10.4.
- Update magick.net-q8-arm64 to version 14.10.4.
- Update magick.net-q8-x64 to version 14.10.4.
- Update magick.net-q8-x86 to version 14.10.4.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| imagemagick | imagemagick | <= 7.1.2-16 | – |
| – | magick.net-q16-anycpu | <= 14.10.4 | 14.10.4 |
| – | magick.net-q16-hdri-anycpu | <= 14.10.4 | 14.10.4 |
| – | magick.net-q16-hdri-openmp-arm64 | <= 14.10.4 | 14.10.4 |
| – | magick.net-q16-hdri-arm64 | <= 14.10.4 | 14.10.4 |
| – | magick.net-q16-hdri-x64 | <= 14.10.4 | 14.10.4 |
| – | magick.net-q16-hdri-x86 | <= 14.10.4 | 14.10.4 |
| – | magick.net-q16-openmp-arm64 | <= 14.10.4 | 14.10.4 |
| – | magick.net-q16-openmp-x64 | <= 14.10.4 | 14.10.4 |
| – | magick.net-q16-openmp-x86 | <= 14.10.4 | 14.10.4 |
| – | magick.net-q16-arm64 | <= 14.10.4 | 14.10.4 |
| – | magick.net-q16-x64 | <= 14.10.4 | 14.10.4 |
| – | magick.net-q16-x86 | <= 14.10.4 | 14.10.4 |
| – | magick.net-q16-hdri-openmp-x64 | <= 14.10.4 | 14.10.4 |
| – | magick.net-q8-anycpu | <= 14.10.4 | 14.10.4 |
| – | magick.net-q8-openmp-arm64 | <= 14.10.4 | 14.10.4 |
| – | magick.net-q8-openmp-x64 | <= 14.10.4 | 14.10.4 |
| – | magick.net-q8-arm64 | <= 14.10.4 | 14.10.4 |
| – | magick.net-q8-x64 | <= 14.10.4 | 14.10.4 |
| – | magick.net-q8-x86 | <= 14.10.4 | 14.10.4 |
Original title
ImageMagick has Heap Buffer Over-Read in BilateralBlurImage
Original description
BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the `-bilateral-blur` operation an out of bounds read can occur.
```
=================================================================
==676172==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x50a0000079c0 at pc 0x57b483c722f7 bp 0x7fffc0acd380 sp 0x7fffc0acd370
READ of size 4 at 0x50a0000079c0 thread T0
```
```
=================================================================
==676172==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x50a0000079c0 at pc 0x57b483c722f7 bp 0x7fffc0acd380 sp 0x7fffc0acd370
READ of size 4 at 0x50a0000079c0 thread T0
```
nvd CVSS3.1
4.4
Vulnerability type
CWE-125
Out-of-bounds Read
CWE-190
Integer Overflow
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026