ImageMagick: Malicious Image Files Can Crash Software or Leak Info

OESA-2026-1502
Summary

ImageMagick, widely used image editing software, has a security issue that can be triggered by a specially crafted image file. This could cause the software to crash or leak sensitive information. Update your ImageMagick installation to the latest version to protect against this vulnerability.

What to do
  • Update imagemagick to version 7.1.2.15-1.oe2203sp4.
  • Update imagemagick to version 7.1.2.15-1.oe2403sp3.
  • Update imagemagick to version 7.1.2.15-1.oe2403sp1.
  • Update imagemagick to version 7.1.2.15-1.oe2403sp2.
  • Update imagemagick to version 6.9.13.40-1.oe2003sp4.
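
An added example, not part of the advisory: a shell check that classifies an installed imagemagick VERSION-RELEASE string against the fixed builds listed above, treating any build at or above the listed one as fixed. The function names are hypothetical, and GNU `sort -V` is assumed as a stand-in for RPM's own version comparison.

```shell
#!/usr/bin/env bash
# Added example: compare an imagemagick VERSION-RELEASE string with the fixed
# builds listed in this advisory (OESA-2026-1502).
# Assumption: GNU `sort -V` stands in for RPM's version comparison; the two
# agree for plain dotted-numeric strings such as the ones used here.

# Fixed build per openEuler dist tag, taken from the "What to do" list.
fixed_build_for() {
  case "$1" in
    oe2003sp4) echo "6.9.13.40-1" ;;
    oe2203sp4|oe2403sp1|oe2403sp2|oe2403sp3) echo "7.1.2.15-1" ;;
    *) return 1 ;;
  esac
}

# check_imagemagick VERSION-RELEASE
# Prints fixed | vulnerable | unknown and returns 0 | 1 | 2 respectively.
check_imagemagick() {
  local vr="$1" dist build fixed lowest
  dist="${vr##*.}"   # trailing dist tag, e.g. oe2403sp1
  build="${vr%.*}"   # version-release without the tag, e.g. 7.1.2.13-1
  # No dot at all, or a dist tag this advisory does not cover: do not guess.
  if [ "$dist" = "$vr" ] || ! fixed="$(fixed_build_for "$dist")"; then
    echo unknown
    return 2
  fi
  # The lower of the two strings sorts first; if that is the fixed build,
  # the installed build is at or above it.
  lowest="$(printf '%s\n%s\n' "$build" "$fixed" | sort -V | head -n1)"
  if [ "$lowest" = "$fixed" ]; then
    echo fixed
    return 0
  fi
  echo vulnerable
  return 1
}

# On a host (package name as written in this advisory):
#   check_imagemagick "$(rpm -q --qf '%{VERSION}-%{RELEASE}' imagemagick)"
```

A result of `unknown` means the dist tag is not one of the five releases this advisory covers, so the host needs a different advisory rather than a pass.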
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| | imagemagick | <= 7.1.2.15-1.oe2203sp4 | 7.1.2.15-1.oe2203sp4 |
| | imagemagick | <= 7.1.2.15-1.oe2403sp3 | 7.1.2.15-1.oe2403sp3 |
| | imagemagick | <= 7.1.2.15-1.oe2403sp1 | 7.1.2.15-1.oe2403sp1 |
| | imagemagick | <= 7.1.2.15-1.oe2403sp2 | 7.1.2.15-1.oe2403sp2 |
| | imagemagick | <= 7.1.2.15-1.oe2403sp3 | 7.1.2.15-1.oe2403sp3 |
| | imagemagick | <= 6.9.13.40-1.oe2003sp4 | 6.9.13.40-1.oe2003sp4 |
Original title
ImageMagick security update
Original description
Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.

Security Fix(es):

ImageMagick is an open-source software suite for image processing. A heap buffer over-read vulnerability exists in its WaveletDenoise module when processing certain small-sized images. An attacker could exploit this vulnerability by crafting a malicious image file, potentially causing the application to crash (denial of service) or, under specific conditions, leaking sensitive information from the process memory. (CVE-2026-27798)

ImageMagick is a widely used open-source software suite for image processing. A vulnerability exists in its DjVu decoder where an out-of-bounds read can occur when processing a specially crafted DjVu image file. An attacker could exploit this by tricking a user into processing a malicious DjVu file, potentially leading to information disclosure, application crash, or denial of service. This vulnerability has been disclosed in a GitHub Security Advisory. (CVE-2026-27799)
Published: 6 Mar 2026 · Updated: 6 Mar 2026 · First seen: 6 Mar 2026