PT-2026-3526 · Unknown · Imagemagick

Lemstra · Published 2026-01-04 · Updated 2026-03-09 · CVE-2026-22770

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ImageMagick versions prior to 7.1.2-13

Description

ImageMagick is software used for editing and manipulating digital images. A flaw exists in the BilateralBlurImage method where double buffers allocated inside AcquireBilateralTLS are not fully initialized. This can lead to the release of an invalid pointer within the DestroyBilateralTLS function when memory allocation fails.

Recommendations

Update ImageMagick to version 7.1.2-13 or later.
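
The failure mode in the description, modelled as an added example; it is not ImageMagick's code, and `acquire_tls`, `destroy_tls`, `invalid_frees` and the `stale` sentinel are hypothetical names. The sentinel stands in for whatever an uninitialized pointer table happens to contain, so the cleanup can count the invalid frees instead of performing them.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical names; a model of the pattern, not ImageMagick's code. */
static double stale;   /* constructed stand-in for leftover heap contents */

/* Build a per-thread table of double buffers. Allocation number fail_at is
   forced to fail (negative: none). zero_first selects the hardened variant. */
static double **acquire_tls(size_t threads, size_t width, int fail_at, int zero_first)
{
    double **tls = malloc(threads * sizeof(*tls));
    if (tls == NULL) return NULL;
    for (size_t i = 0; i < threads; i++)      /* state of the fresh table */
        tls[i] = zero_first ? NULL : &stale;
    for (size_t i = 0; i < threads; i++) {
        tls[i] = ((int)i == fail_at) ? NULL : malloc(width * sizeof(**tls));
        if (tls[i] == NULL) break;            /* later slots are never written */
    }
    return tls;
}

/* Cleanup walks all slots and releases every non-NULL one. Returns how many
   of those pointers never came from malloc (the invalid frees); the model
   counts them instead of passing them to free(). */
static size_t destroy_tls(double **tls, size_t threads)
{
    size_t invalid = 0;
    for (size_t i = 0; i < threads; i++) {
        if (tls[i] == NULL) continue;
        if (tls[i] == &stale) invalid++;
        else free(tls[i]);
    }
    free(tls);
    return invalid;
}

/* Acquire with one forced failure, then clean up; returns the invalid frees. */
static size_t invalid_frees(size_t threads, int fail_at, int zero_first)
{
    double **tls = acquire_tls(threads, 64, fail_at, zero_first);
    return tls ? destroy_tls(tls, threads) : 0;
}

int main(void)
{
    printf("table not initialized: %zu invalid frees\n", invalid_frees(8, 3, 0));
    printf("table zeroed first:    %zu invalid frees\n", invalid_frees(8, 3, 1));
    return 0;
}
```

With eight slots and the fourth allocation failing, the unzeroed table hands four stale pointers to the cleanup path, while the zeroed table hands it none.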

Related Identifiers

BDU:2026-00644
CVE-2026-22770
ECHO-88C3-EBA5-4D7B
GHSA-39H3-G67R-7G3C
OESA-2026-1242
OESA-2026-1243
OESA-2026-1244
OESA-2026-1245
OESA-2026-1246
OPENSUSE-SU-2026:10119-1
OPENSUSE-SU-2026:20337-1
SUSE-SU-2026:0437-1
SUSE-SU-2026:0438-1

Affected Products

Imagemagick