Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.5
ImageMagick can be tricked into writing data outside its memory area
CVE-2026-30936
GHSA-5ggv-92r5-cp4p
Summary
A malicious image file can potentially cause ImageMagick to write data outside its intended memory area, potentially leading to crashes or security issues. This affects ImageMagick users who process untrusted image files. To mitigate this risk, update ImageMagick to the latest version to ensure you have the latest security patches.
What to do
- Update magick.net-q16-anycpu to version 14.10.4.
- Update magick.net-q16-hdri-anycpu to version 14.10.4.
- Update magick.net-q16-hdri-openmp-arm64 to version 14.10.4.
- Update magick.net-q16-hdri-arm64 to version 14.10.4.
- Update magick.net-q16-hdri-x64 to version 14.10.4.
- Update magick.net-q16-hdri-x86 to version 14.10.4.
- Update magick.net-q16-openmp-arm64 to version 14.10.4.
- Update magick.net-q16-openmp-x64 to version 14.10.4.
- Update magick.net-q16-openmp-x86 to version 14.10.4.
- Update magick.net-q16-arm64 to version 14.10.4.
- Update magick.net-q16-x64 to version 14.10.4.
- Update magick.net-q16-x86 to version 14.10.4.
- Update magick.net-q16-hdri-openmp-x64 to version 14.10.4.
- Update magick.net-q8-anycpu to version 14.10.4.
- Update magick.net-q8-openmp-arm64 to version 14.10.4.
- Update magick.net-q8-openmp-x64 to version 14.10.4.
- Update magick.net-q8-arm64 to version 14.10.4.
- Update magick.net-q8-x64 to version 14.10.4.
- Update magick.net-q8-x86 to version 14.10.4.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| imagemagick | imagemagick | <= 6.9.13-41 | – |
| imagemagick | imagemagick | > 7.0.0-0 , <= 7.1.2-16 | – |
| – | magick.net-q16-anycpu | <= 14.10.4 | 14.10.4 |
| – | magick.net-q16-hdri-anycpu | <= 14.10.4 | 14.10.4 |
| – | magick.net-q16-hdri-openmp-arm64 | <= 14.10.4 | 14.10.4 |
| – | magick.net-q16-hdri-arm64 | <= 14.10.4 | 14.10.4 |
| – | magick.net-q16-hdri-x64 | <= 14.10.4 | 14.10.4 |
| – | magick.net-q16-hdri-x86 | <= 14.10.4 | 14.10.4 |
| – | magick.net-q16-openmp-arm64 | <= 14.10.4 | 14.10.4 |
| – | magick.net-q16-openmp-x64 | <= 14.10.4 | 14.10.4 |
| – | magick.net-q16-openmp-x86 | <= 14.10.4 | 14.10.4 |
| – | magick.net-q16-arm64 | <= 14.10.4 | 14.10.4 |
| – | magick.net-q16-x64 | <= 14.10.4 | 14.10.4 |
| – | magick.net-q16-x86 | <= 14.10.4 | 14.10.4 |
| – | magick.net-q16-hdri-openmp-x64 | <= 14.10.4 | 14.10.4 |
| – | magick.net-q8-anycpu | <= 14.10.4 | 14.10.4 |
| – | magick.net-q8-openmp-arm64 | <= 14.10.4 | 14.10.4 |
| – | magick.net-q8-openmp-x64 | <= 14.10.4 | 14.10.4 |
| – | magick.net-q8-arm64 | <= 14.10.4 | 14.10.4 |
| – | magick.net-q8-x64 | <= 14.10.4 | 14.10.4 |
| – | magick.net-q8-x86 | <= 14.10.4 | 14.10.4 |
Original title
ImageMagick has Heap Buffer Overflow in WaveletDenoiseImage
Original description
A crafted image could cause an out of bounds heap write inside the WaveletDenoiseImage method. When processing a crafted image with the -wavelet-denoise operation an out of bounds write can occur.
```
=================================================================
==661320==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x503000002754 at pc 0x5ff45f82c92a bp 0x7fffb732b400 sp 0x7fffb732b3f0
WRITE of size 4 at 0x503000002754 thread T0
```
```
=================================================================
==661320==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x503000002754 at pc 0x5ff45f82c92a bp 0x7fffb732b400 sp 0x7fffb732b3f0
WRITE of size 4 at 0x503000002754 thread T0
```
nvd CVSS3.1
5.5
Vulnerability type
CWE-122
Heap-based Buffer Overflow
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026