ImageMagick CVE-2026-48734: MVG Stack Overflow Pre v6.9.13-49/7.1.2-24
CVE-2026-48734 Published on June 10, 2026
ImageMagick: Stack Overflow in MVG decoder
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, a crafted MVG file could result in a stack overflow due to a missing depth or visited-set check. This issue has been patched in versions 6.9.13-49 and 7.1.2-24.
Vulnerability Analysis
CVE-2026-48734 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
What is a Stack Exhaustion Vulnerability?
The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.
CVE-2026-48734 has been classified to as a Stack Exhaustion vulnerability or weakness.
Products Associated with CVE-2026-48734
Want to know whenever a new CVE is published for ImageMagick? stack.watch will email you.
Affected Versions
ImageMagick:- Version < 6.9.13-49 is affected.
- Version < 7.1.2-24 is affected.