PT-2026-41776 · Imagemagick+9 · Imagemagick+21

Osidb Bzimport

·

Published

2026-05-18

·

Updated

2026-07-13

·

CVE-2026-45359

CVSS v3.1

7.1

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions The product name cannot be determined (affected versions not specified)
Description An invalid connected-components:keep-top value can lead to a heap buffer over-read during the connected components operation. A heap buffer over-read occurs when a program reads data past the end of the intended buffer in the heap memory area.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Improper Validation of Array Index

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-45359
ECHO-6D88-73D8-CF02
GHSA-VHRH-72HQ-W8M7
OESA-2026-2386
OESA-2026-2388
OESA-2026-2389
OESA-2026-2463
OPENSUSE-SU-2026:11061-1
OPENSUSE-SU-2026:21071-1
SUSE-SU-2026:22378-1
SUSE-SU-2026:2580-1
SUSE-SU-2026:2877-1

Affected Products

Imagemagick
Magick.Net-Q16-Anycpu
Magick.Net-Q16-Hdri-Anycpu
Magick.Net-Q16-Hdri-Openmp-Arm64
Magick.Net-Q16-Hdri-Openmp-X64
Magick.Net-Q16-Hdri-Arm64
Magick.Net-Q16-Hdri-X64
Magick.Net-Q16-Hdri-X86
Magick.Net-Q16-Openmp-Arm64
Magick.Net-Q16-Openmp-X64
Magick.Net-Q16-Arm64
Magick.Net-Q16-X64
Magick.Net-Q16-X86
Magick.Net-Q8-Anycpu
Magick.Net-Q8-Openmp-Arm64
Magick.Net-Q8-Openmp-X64
Magick.Net-Q8-Arm64
Magick.Net-Q8-X64
Magick.Net-Q8-X86
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Rootio-Imagemagick