{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22770", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-01-09T18:27:19.387Z", "datePublished": "2026-01-20T00:48:19.241Z", "dateUpdated": "2026-01-21T20:10:46.858Z"}, "containers": {"cna": {"title": "ImageMagick vulnerable to Release of Invalid Pointer in BilateralBlur when memory allocation fails", "problemTypes": [{"descriptions": [{"cweId": "CWE-763", "lang": "en", "description": "CWE-763: Release of Invalid Pointer or Reference", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-39h3-g67r-7g3c", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-39h3-g67r-7g3c"}, {"name": "https://github.com/ImageMagick/ImageMagick/commit/3e0330721020e0c5bb52e4b77c347527dd71658e", "tags": ["x_refsource_MISC"], "url": "https://github.com/ImageMagick/ImageMagick/commit/3e0330721020e0c5bb52e4b77c347527dd71658e"}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"version": "< 7.1.2-13", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-20T00:48:19.241Z"}, "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the last element in the set is not properly initialized. This will result in a release of an invalid pointer inside DestroyBilateralTLS when the memory allocation fails. Version 7.1.2-13 contains a patch for the issue."}], "source": {"advisory": "GHSA-39h3-g67r-7g3c", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-21T20:05:17.303115Z", "id": "CVE-2026-22770", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-21T20:10:46.858Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22770", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-21T20:05:17.303115Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-21T20:08:55.135Z"}}], "cna": {"title": "ImageMagick vulnerable to Release of Invalid Pointer in BilateralBlur when memory allocation fails", "source": {"advisory": "GHSA-39h3-g67r-7g3c", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"status": "affected", "version": "< 7.1.2-13"}]}], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-39h3-g67r-7g3c", "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-39h3-g67r-7g3c", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/ImageMagick/ImageMagick/commit/3e0330721020e0c5bb52e4b77c347527dd71658e", "name": "https://github.com/ImageMagick/ImageMagick/commit/3e0330721020e0c5bb52e4b77c347527dd71658e", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the last element in the set is not properly initialized. This will result in a release of an invalid pointer inside DestroyBilateralTLS when the memory allocation fails. Version 7.1.2-13 contains a patch for the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-763", "description": "CWE-763: Release of Invalid Pointer or Reference"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-20T00:48:19.241Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22770", "state": "PUBLISHED", "dateUpdated": "2026-01-21T20:10:46.858Z", "dateReserved": "2026-01-09T18:27:19.387Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-01-20T00:48:19.241Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4F0ED35-C455-412F-860C-5B3A9371E882", "versionEndExcluding": "7.1.2-13", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the last element in the set is not properly initialized. This will result in a release of an invalid pointer inside DestroyBilateralTLS when the memory allocation fails. Version 7.1.2-13 contains a patch for the issue."}], "id": "CVE-2026-22770", "lastModified": "2026-01-29T14:56:04.840", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-01-20T01:15:57.153", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/ImageMagick/ImageMagick/commit/3e0330721020e0c5bb52e4b77c347527dd71658e"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-39h3-g67r-7g3c"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-763"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "ImageMagick: ImageMagick: Denial of Service due to improper pointer initialization", "id": "2431037", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431037"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "status": "draft"}, "cwe": "CWE-763", "details": ["A flaw was found in ImageMagick. The BilateralBlurImage method improperly initializes a memory buffer. This can lead to the release of an invalid pointer if memory allocation fails. A remote attacker could exploit this vulnerability to cause a Denial of Service (DoS) by providing a specially crafted image, leading to application instability or crashes."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, avoid processing untrusted image files with ImageMagick. If ImageMagick is used in an automated or server-side context, consider implementing sandboxing mechanisms to limit the impact of potential exploitation. Restricting the sources of images processed by ImageMagick to trusted origins can also reduce exposure."}, "name": "CVE-2026-22770", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2026-01-20T00:48:19Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-22770\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-22770\nhttps://github.com/ImageMagick/ImageMagick/commit/3e0330721020e0c5bb52e4b77c347527dd71658e\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-39h3-g67r-7g3c"], "statement": "This vulnerability is rated Moderate for Red Hat products as it affects ImageMagick, a widely used image processing library. A flaw in the `BilateralBlurImage` method can lead to a release of an invalid pointer when memory allocation fails, potentially resulting in a denial of service. This issue impacts Red Hat Enterprise Linux 6 ELS, 7 ELS, and Community Projects like EPEL and Fedora.", "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-18T04:53:04.541025+00:00", "value": {"mitigation_remediation": ["Apply the ImageMagick 7.1.2\u201113 patch or later to fix the pointer release bug.", "If an upgrade cannot be applied immediately, stop using BilateralBlurImage on untrusted images or disable the function in application logic until the patch is applied.", "After applying the patch or disabling the function, restart all dependent services and monitor logs for any segmentation faults or crash events."], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The affected product is ImageMagick. Any installation that is not at least version 7.1.2\u201113 is vulnerable. The vulnerability affects all platforms where ImageMagick executes the BilateralBlurImage function, including command\u2011line tools and libraries used in image processing pipelines.", "description_and_impact": "This vulnerability arises in ImageMagick versions older than 7.1.2\u201113 when the BilateralBlurImage method allocates a set of double buffers. The last buffer in the set is not initialized correctly. When a memory allocation fails, the invalid pointer is later released during DestroyBilateralTLS, causing a segmentation fault. The weakness can be identified as an improper release of memory resources (CWE\u2011763). Compromise can result in application crashes that lead to denial of service.", "risk_and_exploitability": "The CVSS score is 6.5, indicating moderate severity. The EPSS score is below 1%, indicating a very low expected exploitation probability, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local or remote via a crafted image that triggers the BilateralBlurImage routine, which would cause the application to crash. Although the description does not confirm remote code execution, the presence of a faulty pointer release could destabilize the process if the attacker can influence memory allocation outcomes. Current mitigations rely on patching."}}}}, "created": "2026-01-20T08:40:12.166031+00:00", "updated": "2026-04-18T05:00:06.033967+00:00", "vendors": ["imagemagick", "imagemagick$PRODUCT$imagemagick"]}