CNNVD-202601-3317 Information
CNNVD ID
CNNVD-202601-3317
Related CVE
- CNNVD Published: 2026-01-20
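Description (translated from Chinese)
ImageMagick is an open-source image-processing software suite from ImageMagick. It can read, convert, or write images in many formats. ImageMagick versions before 7.1.2-13 and before 6.9.13-38 contain an input validation error vulnerability, which stems from a heap buffer overflow in the XBM image decoder and may lead to controlled data being written when a malicious image file is processed.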
Description (English)
ImageMagick is an open-source image-processing software suite developed by ImageMagick. It reads, converts, and writes images in multiple formats. ImageMagick versions before 7.1.2-13 and before 6.9.13-38 have an input validation vulnerability caused by a heap buffer overflow in the XBM image decoder, which may allow controlled data to be written while processing a malicious image file.
Hazard Level
Medium
Vulnerability Type
Input validation error
Affected Vendor
ImageMagick
Published
2026-01-20
Last Modified
2026-02-24
References
https://github.com/ImageMagick/ImageMagick/commit/2fae24192b78fdfdd27d766fd21d90aeac6ea8b8
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r49w-jqq3-3gx8
Patch
https://github.com/ImageMagick/ImageMagick/releases