ImageMagick 6.9.13-47 Heap Buffer OVR via magick -distribute-cache
CVE-2026-46692 Published on June 10, 2026
ImageMagick: Heap Buffer Over-Write in distributed pixel cache server
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-write in the server process. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.
Vulnerability Analysis
CVE-2026-46692 is exploitable with local system access, and requires user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Products Associated with CVE-2026-46692
Want to know whenever a new CVE is published for ImageMagick? stack.watch will email you.
Affected Versions
ImageMagick:- Version < 6.9.13-48 is affected.
- Version < 7.1.2-23 is affected.