Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
3.3
ImageMagick allows unauthorized access to sensitive data in images
GHSA-8vfj-q2cp-5m5j
Summary
ImageMagick, a popular image processing tool, has a bug that can allow an attacker to access sensitive data in images. This is a serious issue because it could potentially allow hackers to steal or manipulate sensitive information. Update to the latest version of ImageMagick to fix this issue.
What to do
- Update magick.net-q16-anycpu to version 14.20.0.
- Update magick.net-q16-hdri-anycpu to version 14.20.0.
- Update magick.net-q16-hdri-openmp-arm64 to version 14.20.0.
- Update magick.net-q16-hdri-arm64 to version 14.20.0.
- Update magick.net-q16-hdri-x64 to version 14.20.0.
- Update magick.net-q16-hdri-x86 to version 14.20.0.
- Update magick.net-q16-openmp-arm64 to version 14.20.0.
- Update magick.net-q16-openmp-x64 to version 14.20.0.
- Update magick.net-q16-arm64 to version 14.20.0.
- Update magick.net-q16-x64 to version 14.20.0.
- Update magick.net-q16-x86 to version 14.20.0.
- Update magick.net-q16-hdri-openmp-x64 to version 14.20.0.
- Update magick.net-q8-anycpu to version 14.20.0.
- Update magick.net-q8-openmp-arm64 to version 14.20.0.
- Update magick.net-q8-openmp-x64 to version 14.20.0.
- Update magick.net-q8-arm64 to version 14.20.0.
- Update magick.net-q8-x64 to version 14.20.0.
- Update magick.net-q8-x86 to version 14.20.0.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| nuget | – | magick.net-q16-anycpu |
< 14.20.0 Fix: upgrade to 14.20.0
|
| nuget | – | magick.net-q16-hdri-anycpu |
< 14.20.0 Fix: upgrade to 14.20.0
|
| nuget | – | magick.net-q16-hdri-openmp-arm64 |
< 14.20.0 Fix: upgrade to 14.20.0
|
| nuget | – | magick.net-q16-hdri-arm64 |
< 14.20.0 Fix: upgrade to 14.20.0
|
| nuget | – | magick.net-q16-hdri-x64 |
< 14.20.0 Fix: upgrade to 14.20.0
|
| nuget | – | magick.net-q16-hdri-x86 |
< 14.20.0 Fix: upgrade to 14.20.0
|
| nuget | – | magick.net-q16-openmp-arm64 |
< 14.20.0 Fix: upgrade to 14.20.0
|
| nuget | – | magick.net-q16-openmp-x64 |
< 14.20.0 Fix: upgrade to 14.20.0
|
| nuget | – | magick.net-q16-arm64 |
< 14.20.0 Fix: upgrade to 14.20.0
|
| nuget | – | magick.net-q16-x64 |
< 14.20.0 Fix: upgrade to 14.20.0
|
| nuget | – | magick.net-q16-x86 |
< 14.20.0 Fix: upgrade to 14.20.0
|
| nuget | – | magick.net-q16-hdri-openmp-x64 |
< 14.20.0 Fix: upgrade to 14.20.0
|
| nuget | – | magick.net-q8-anycpu |
< 14.20.0 Fix: upgrade to 14.20.0
|
| nuget | – | magick.net-q8-openmp-arm64 |
< 14.20.0 Fix: upgrade to 14.20.0
|
| nuget | – | magick.net-q8-openmp-x64 |
< 14.20.0 Fix: upgrade to 14.20.0
|
| nuget | – | magick.net-q8-arm64 |
< 14.20.0 Fix: upgrade to 14.20.0
|
| nuget | – | magick.net-q8-x64 |
< 14.20.0 Fix: upgrade to 14.20.0
|
| nuget | – | magick.net-q8-x86 |
< 14.20.0 Fix: upgrade to 14.20.0
|
Original title
ImageMagick has a heap buffer overflow read in magnify operation via unrecognized magnify:method value
Original description
An unrecognized magnify:method will result in an out of bounds read in the magnify operation.
```
==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61a000000b30
READ of size 4 at 0x61a000000b30 thread T0
```
```
==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61a000000b30
READ of size 4 at 0x61a000000b30 thread T0
```
ghsa CVSS3.1
3.3
Vulnerability type
CWE-122
Heap-based Buffer Overflow
Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 15 Apr 2026