Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.2
ImageMagick Crashes if Given Malformed Image File
CVE-2026-40169
GHSA-5592-p365-24xh
Summary
ImageMagick versions before 7.1.2-19 can crash if given a specially crafted image file. This could potentially allow an attacker to make the software stop working. To fix this, update to version 7.1.2-19 or later.
What to do
- Update magick.net-q16-anycpu to version 14.12.0.
- Update magick.net-q16-hdri-anycpu to version 14.12.0.
- Update magick.net-q16-hdri-openmp-arm64 to version 14.12.0.
- Update magick.net-q16-hdri-arm64 to version 14.12.0.
- Update magick.net-q16-hdri-x64 to version 14.12.0.
- Update magick.net-q16-hdri-x86 to version 14.12.0.
- Update magick.net-q16-openmp-arm64 to version 14.12.0.
- Update magick.net-q16-openmp-x64 to version 14.12.0.
- Update magick.net-q16-arm64 to version 14.12.0.
- Update magick.net-q16-x64 to version 14.12.0.
- Update magick.net-q16-x86 to version 14.12.0.
- Update magick.net-q8-anycpu to version 14.12.0.
- Update magick.net-q8-openmp-arm64 to version 14.12.0.
- Update magick.net-q8-openmp-x64 to version 14.12.0.
- Update magick.net-q8-arm64 to version 14.12.0.
- Update magick.net-q8-x64 to version 14.12.0.
- Update magick.net-q8-x86 to version 14.12.0.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| nuget | – | magick.net-q16-anycpu |
< 14.12.0 Fix: upgrade to 14.12.0
|
| nuget | – | magick.net-q16-hdri-anycpu |
< 14.12.0 Fix: upgrade to 14.12.0
|
| nuget | – | magick.net-q16-hdri-openmp-arm64 |
< 14.12.0 Fix: upgrade to 14.12.0
|
| nuget | – | magick.net-q16-hdri-arm64 |
< 14.12.0 Fix: upgrade to 14.12.0
|
| nuget | – | magick.net-q16-hdri-x64 |
< 14.12.0 Fix: upgrade to 14.12.0
|
| nuget | – | magick.net-q16-hdri-x86 |
< 14.12.0 Fix: upgrade to 14.12.0
|
| nuget | – | magick.net-q16-openmp-arm64 |
< 14.12.0 Fix: upgrade to 14.12.0
|
| nuget | – | magick.net-q16-openmp-x64 |
< 14.12.0 Fix: upgrade to 14.12.0
|
| nuget | – | magick.net-q16-arm64 |
< 14.12.0 Fix: upgrade to 14.12.0
|
| nuget | – | magick.net-q16-x64 |
< 14.12.0 Fix: upgrade to 14.12.0
|
| nuget | – | magick.net-q16-x86 |
< 14.12.0 Fix: upgrade to 14.12.0
|
| nuget | – | magick.net-q8-anycpu |
< 14.12.0 Fix: upgrade to 14.12.0
|
| nuget | – | magick.net-q8-openmp-arm64 |
< 14.12.0 Fix: upgrade to 14.12.0
|
| nuget | – | magick.net-q8-openmp-x64 |
< 14.12.0 Fix: upgrade to 14.12.0
|
| nuget | – | magick.net-q8-arm64 |
< 14.12.0 Fix: upgrade to 14.12.0
|
| nuget | – | magick.net-q8-x64 |
< 14.12.0 Fix: upgrade to 14.12.0
|
| nuget | – | magick.net-q8-x86 |
< 14.12.0 Fix: upgrade to 14.12.0
|
Original title
ImageMagick has a heap buffer overflow (WRITE) in the YAML and JSON encoders.
Original description
A crafted image could result in an out of bounds heap write when writing a yaml or json output and that could result in a crash.
nvd CVSS3.1
6.2
Vulnerability type
CWE-122
Heap-based Buffer Overflow
CWE-787
Out-of-bounds Write
- https://github.com/ImageMagick/ImageMagick/commit/f86452a8aea37bf2b4bd36127f836d...
- https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5592-p365-24...
- https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0
- https://nvd.nist.gov/vuln/detail/CVE-2026-40169
- https://github.com/advisories/GHSA-5592-p365-24xh
Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 13 Apr 2026