Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.
6.9

ImageMagick: Overflows when Processing Large Image Files

GHSA-98cp-rj9f-6v5g
Summary

A security issue in ImageMagick can cause it to crash or behave unexpectedly when processing certain types of image files. This can allow an attacker to potentially disrupt service or execute code. Update to the latest version of ImageMagick to fix this issue.

What to do
  • Update magick.net-q16-anycpu to version 14.20.0.
  • Update magick.net-q16-hdri-anycpu to version 14.20.0.
  • Update magick.net-q16-hdri-openmp-arm64 to version 14.20.0.
  • Update magick.net-q16-hdri-arm64 to version 14.20.0.
  • Update magick.net-q16-hdri-x64 to version 14.20.0.
  • Update magick.net-q16-hdri-x86 to version 14.20.0.
  • Update magick.net-q16-openmp-arm64 to version 14.20.0.
  • Update magick.net-q16-openmp-x64 to version 14.20.0.
  • Update magick.net-q16-arm64 to version 14.20.0.
  • Update magick.net-q16-x64 to version 14.20.0.
  • Update magick.net-q16-x86 to version 14.20.0.
  • Update magick.net-q16-hdri-openmp-x64 to version 14.20.0.
  • Update magick.net-q8-anycpu to version 14.20.0.
  • Update magick.net-q8-openmp-arm64 to version 14.20.0.
  • Update magick.net-q8-openmp-x64 to version 14.20.0.
  • Update magick.net-q8-arm64 to version 14.20.0.
  • Update magick.net-q8-x64 to version 14.20.0.
  • Update magick.net-q8-x86 to version 14.20.0.
Affected software
Ecosystem VendorProductAffected versions
nuget magick.net-q16-anycpu < 14.20.0
Fix: upgrade to 14.20.0
nuget magick.net-q16-hdri-anycpu < 14.20.0
Fix: upgrade to 14.20.0
nuget magick.net-q16-hdri-openmp-arm64 < 14.20.0
Fix: upgrade to 14.20.0
nuget magick.net-q16-hdri-arm64 < 14.20.0
Fix: upgrade to 14.20.0
nuget magick.net-q16-hdri-x64 < 14.20.0
Fix: upgrade to 14.20.0
nuget magick.net-q16-hdri-x86 < 14.20.0
Fix: upgrade to 14.20.0
nuget magick.net-q16-openmp-arm64 < 14.20.0
Fix: upgrade to 14.20.0
nuget magick.net-q16-openmp-x64 < 14.20.0
Fix: upgrade to 14.20.0
nuget magick.net-q16-arm64 < 14.20.0
Fix: upgrade to 14.20.0
nuget magick.net-q16-x64 < 14.20.0
Fix: upgrade to 14.20.0
nuget magick.net-q16-x86 < 14.20.0
Fix: upgrade to 14.20.0
nuget magick.net-q16-hdri-openmp-x64 < 14.20.0
Fix: upgrade to 14.20.0
nuget magick.net-q8-anycpu < 14.20.0
Fix: upgrade to 14.20.0
nuget magick.net-q8-openmp-arm64 < 14.20.0
Fix: upgrade to 14.20.0
nuget magick.net-q8-openmp-x64 < 14.20.0
Fix: upgrade to 14.20.0
nuget magick.net-q8-arm64 < 14.20.0
Fix: upgrade to 14.20.0
nuget magick.net-q8-x64 < 14.20.0
Fix: upgrade to 14.20.0
nuget magick.net-q8-x86 < 14.20.0
Fix: upgrade to 14.20.0
Original title
ImageMagick has has a stack-buffer-overflow in MNG encoder with oversized pallete
Original description
The patch for GHSA-7h7q-j33q-hvpf was incomplete and still allows a stack buffer overflow for the multi frame images.
ghsa CVSS3.1 6.9
Vulnerability type
CWE-121 Stack-based Buffer Overflow
Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 15 Apr 2026