ImageMagick MNG Decoder Heap Info Disclosure (before 6.9.13-51/7.1.2-26)
CVE-2026-53467 Published on July 1, 2026

ImageMagick: Information Disclosure in MNG decoder because allocated memory is left unchanged
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, the MNG decoder contains a possible heap information disclosure vulnerability because part of the pixels are left unchanged. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.

NVD

Vulnerability Analysis

CVE-2026-53467 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Types

Use of Uninitialized Resource

The software uses or accesses a resource that has not been initialized. When a resource has not been properly initialized, the software may behave unexpectedly. This may lead to a crash or invalid memory access, but the consequences vary depending on the type of resource and how it is used within the software.

What is an Information Disclosure Vulnerability?

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CVE-2026-53467 has been classified to as an Information Disclosure vulnerability or weakness.


Products Associated with CVE-2026-53467

Want to know whenever a new CVE is published for ImageMagick? stack.watch will email you.

 

Affected Versions

ImageMagick: