CVE-2026-40169

CVSS v3.1

6.2

Medium

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-19

Description A crafted image could result in an out of bounds heap write (a memory corruption error where data is written outside the boundaries of an allocated heap memory block) when writing a yaml or json output, resulting in a crash.

Recommendations Update to version 7.1.2-19. As a temporary workaround, consider restricting the use of yaml or json output until the software is updated.

Fix

Memory Corruption

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-122

Related Identifiers

CVE-2026-40169

GHSA-5592-P365-24XH

OESA-2026-1916

OESA-2026-1917

OESA-2026-1918

OESA-2026-1919

OESA-2026-1921

OPENSUSE-SU-2026:10586-1

OPENSUSE-SU-2026:20606-1

SUSE-SU-2026:1597-1

SUSE-SU-2026:1598-1

Affected Products

Imagemagick

CVE-2026-40169

Weakness Enumeration

Related Identifiers

Affected Products

References · 73