PT-2026-32526 · Unknown · Imagemagick

Fumfel

Published

2026-04-13

Updated

2026-04-29

CVE-2026-33902

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-19 ImageMagick versions prior to 6.9.13-44

Description A stack overflow in the FX expression parser allows an attacker to crash the process by providing a deeply nested expression.

Recommendations Update to version 7.1.2-19. Update to version 6.9.13-44. Restrict access to the vulnerable FX expression parser to minimize the risk of exploitation.

Fix

Uncontrolled Recursion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-674

Related Identifiers

CVE-2026-33902

ECHO-9760-303C-BD52

GHSA-F4QM-VJ5J-9XPW

OESA-2026-1916

OESA-2026-1917

OESA-2026-1918

OESA-2026-1919

OESA-2026-1920

OESA-2026-1921

OPENSUSE-SU-2026:10586-1

OPENSUSE-SU-2026:20606-1

SUSE-SU-2026:1598-1

Affected Products

Imagemagick

PT-2026-32526 · Unknown · Imagemagick

CVE-2026-33902

Weakness Enumeration

Related Identifiers

Affected Products

References · 74