ImageMagick MVG Heap Buffer Overflow before 7.1.2-26
CVE-2026-55577 Published on July 1, 2026
ImageMagick: Heap Buffer Overflow in ImageMagick MVG decoder
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.
Vulnerability Analysis
CVE-2026-55577 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Types
Improper Check for Unusual or Exceptional Conditions
The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.
Improper Handling of Exceptional Conditions
The software does not handle or incorrectly handles an exceptional condition.
What is a Memory Corruption Vulnerability?
The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.
CVE-2026-55577 has been classified to as a Memory Corruption vulnerability or weakness.
Products Associated with CVE-2026-55577
Want to know whenever a new CVE is published for ImageMagick? stack.watch will email you.
Affected Versions
ImageMagick:- Version >= 7.0.1-0, < 7.1.2-26 is affected.
- Version < 6.9.13-51 is affected.