ImageMagick before 7.1.2-26 JP2 Encoder Heap Buffer Overwrite
CVE-2026-55597 Published on July 1, 2026
ImageMagick: Heap Buffer Over-Write in JP2 encoder when due to incorrect handling of arguments
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-26, an incorrect handling of arguments can cause a heap buffer over-write in the JP2 encoder. This issue has been fixed in version7.1.2-26.
Vulnerability Analysis
CVE-2026-55597 can be exploited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Types
Incorrect Calculation
The software performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management. When software performs a security-critical calculation incorrectly, it might lead to incorrect resource allocations, incorrect privilege assignments, or failed comparisons among other things. Many of the direct results of an incorrect calculation can lead to even larger problems such as failed protection mechanisms or even arbitrary code execution.
What is a Memory Corruption Vulnerability?
The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.
CVE-2026-55597 has been classified to as a Memory Corruption vulnerability or weakness.
Products Associated with CVE-2026-55597
Want to know whenever a new CVE is published for ImageMagick? stack.watch will email you.