PT-2026-32523 · Unknown · Imagemagick

Unbengable12

·

Published

2026-04-13

·

Updated

2026-04-29

·

CVE-2026-33899

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 6.9.13-44 ImageMagick versions prior to 7.1.2-19
Description When Magick parses an XML file, a single zero byte may be written out of bounds.
Recommendations Update to version 6.9.13-44. Update to version 7.1.2-19.

Fix

Heap Based Buffer Overflow

Integer Underflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-122CWE-191

Related Identifiers

CVE-2026-33899
ECHO-7A8D-B09B-D4C9
GHSA-CR67-PVMX-2PP2
OESA-2026-1916
OESA-2026-1917
OESA-2026-1918
OESA-2026-1919
OESA-2026-1920
OESA-2026-1921
OPENSUSE-SU-2026:10586-1
OPENSUSE-SU-2026:20606-1
SUSE-SU-2026:1596-1
SUSE-SU-2026:1597-1
SUSE-SU-2026:1598-1

Affected Products

Imagemagick