ImageMagick MNG Decoder Heap Info Disclosure (before 6.9.13-51/7.1.2-26)
CVE-2026-53467 Published on July 1, 2026
ImageMagick: Information Disclosure in MNG decoder because allocated memory is left unchanged
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, the MNG decoder contains a possible heap information disclosure vulnerability because part of the pixels are left unchanged. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.
Vulnerability Analysis
CVE-2026-53467 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Types
Use of Uninitialized Resource
The software uses or accesses a resource that has not been initialized. When a resource has not been properly initialized, the software may behave unexpectedly. This may lead to a crash or invalid memory access, but the consequences vary depending on the type of resource and how it is used within the software.
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2026-53467 has been classified to as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2026-53467
Want to know whenever a new CVE is published for ImageMagick? stack.watch will email you.
Affected Versions
ImageMagick:- Version < 6.9.13-51 is affected.
- Version >= 7.0.1-0, < 7.1.2-26 is affected.