CVE-2026-33900

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 6.9.13-44 ImageMagick versions prior to 7.1.2-19

Description The viff encoder contains an integer truncation or wraparound issue on 32-bit builds. This can trigger an out of bounds heap write, potentially causing a crash.

Recommendations Update to version 6.9.13-44 or later. Update to version 7.1.2-19 or later. As a temporary workaround, consider restricting the use of the viff encoder to minimize the risk of exploitation.

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

CVE-2026-33900

ECHO-EE9F-E0B6-7A61

GHSA-V67W-737X-V2C9

OESA-2026-1916

OESA-2026-1917

OESA-2026-1918

OESA-2026-1919

OESA-2026-1920

OESA-2026-1921

OPENSUSE-SU-2026:10586-1

OPENSUSE-SU-2026:20606-1

SUSE-SU-2026:1596-1

SUSE-SU-2026:1597-1

SUSE-SU-2026:1598-1

Affected Products

Imagemagick

CVE-2026-33900

Weakness Enumeration

Related Identifiers

Affected Products

References · 77