{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23876", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-01-16T21:02:02.900Z", "datePublished": "2026-01-20T01:01:38.527Z", "dateUpdated": "2026-02-26T14:44:46.038Z"}, "containers": {"cna": {"title": "Heap buffer overflow with attacker-controlled data in XBM parser", "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "lang": "en", "description": "CWE-122: Heap-based Buffer Overflow", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-190", "lang": "en", "description": "CWE-190: Integer Overflow or Wraparound", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r49w-jqq3-3gx8", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r49w-jqq3-3gx8"}, {"name": "https://github.com/ImageMagick/ImageMagick/commit/2fae24192b78fdfdd27d766fd21d90aeac6ea8b8", "tags": ["x_refsource_MISC"], "url": "https://github.com/ImageMagick/ImageMagick/commit/2fae24192b78fdfdd27d766fd21d90aeac6ea8b8"}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"version": "< 7.1.2-13", "status": "affected"}, {"version": "< 6.9.13-38", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-20T01:01:38.527Z"}, "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder (ReadXBMImage) allows an attacker to write controlled data past the allocated heap buffer when processing a maliciously crafted image file. Any operation that reads or identifies an image can trigger the overflow, making it exploitable via common image upload and processing pipelines. Versions 7.1.2-13 and 6.9.13-38 fix the issue."}], "source": {"advisory": "GHSA-r49w-jqq3-3gx8", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-23876", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-21T04:55:22.550398Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T14:44:46.038Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-23876", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-21T04:55:22.550398Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-20T21:35:22.616Z"}}], "cna": {"title": "Heap buffer overflow with attacker-controlled data in XBM parser", "source": {"advisory": "GHSA-r49w-jqq3-3gx8", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"status": "affected", "version": "< 7.1.2-13"}, {"status": "affected", "version": "< 6.9.13-38"}]}], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r49w-jqq3-3gx8", "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r49w-jqq3-3gx8", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/ImageMagick/ImageMagick/commit/2fae24192b78fdfdd27d766fd21d90aeac6ea8b8", "name": "https://github.com/ImageMagick/ImageMagick/commit/2fae24192b78fdfdd27d766fd21d90aeac6ea8b8", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder (ReadXBMImage) allows an attacker to write controlled data past the allocated heap buffer when processing a maliciously crafted image file. Any operation that reads or identifies an image can trigger the overflow, making it exploitable via common image upload and processing pipelines. Versions 7.1.2-13 and 6.9.13-38 fix the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-20T01:01:38.527Z"}}}, "cveMetadata": {"cveId": "CVE-2026-23876", "state": "PUBLISHED", "dateUpdated": "2026-02-26T14:44:46.038Z", "dateReserved": "2026-01-16T21:02:02.900Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-01-20T01:01:38.527Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5479E5D-F05A-4418-9D2B-12523B300E2C", "versionEndExcluding": "6.9.13-38", "vulnerable": true}, {"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "F658C5B2-8A54-42DB-88AB-FB7D5FE1712C", "versionEndExcluding": "7.1.2-13", "versionStartIncluding": "7.0.0-0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder (ReadXBMImage) allows an attacker to write controlled data past the allocated heap buffer when processing a maliciously crafted image file. Any operation that reads or identifies an image can trigger the overflow, making it exploitable via common image upload and processing pipelines. Versions 7.1.2-13 and 6.9.13-38 fix the issue."}], "id": "CVE-2026-23876", "lastModified": "2026-01-29T13:54:14.303", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-01-20T01:15:57.440", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/ImageMagick/ImageMagick/commit/2fae24192b78fdfdd27d766fd21d90aeac6ea8b8"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r49w-jqq3-3gx8"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}, {"lang": "en", "value": "CWE-190"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "ImageMagick: ImageMagick: Arbitrary code execution via a crafted XBM image file", "id": "2431038", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431038"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "(CWE-122|CWE-190)", "details": ["A flaw was found in ImageMagick. A heap buffer overflow, a type of memory corruption, in the XBM image decoder (ReadXBMImage) allows a remote attacker to write controlled data beyond the allocated memory buffer when processing a maliciously crafted image file. This can lead to arbitrary code execution, information disclosure, or a denial of service. The vulnerability can be triggered by any operation that reads or identifies an image."], "mitigation": {"lang": "en:us", "value": "To reduce the risk associated with this vulnerability, avoid processing untrusted XBM image files with ImageMagick. Implement strict input validation and sanitization for any image files processed by ImageMagick, especially those originating from external or untrusted sources. Deploying ImageMagick within a sandboxed or containerized environment can further limit the impact of a successful exploit by isolating the process and restricting its access to system resources."}, "name": "CVE-2026-23876", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2026-01-20T01:01:38Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23876\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23876\nhttps://github.com/ImageMagick/ImageMagick/commit/2fae24192b78fdfdd27d766fd21d90aeac6ea8b8\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r49w-jqq3-3gx8"], "statement": "This vulnerability is rated Important for Red Hat products as it affects ImageMagick, a widely used image manipulation suite. A heap buffer overflow in the XBM image decoder can be triggered by processing a specially crafted image file, potentially leading to arbitrary code execution or denial of service. Exploitation can occur through common image upload and processing pipelines.", "threat_severity": "Important"}

{"analysis": {"en": {"generated_at": "2026-04-18T04:52:47.888418+00:00", "value": {"mitigation_remediation": ["Upgrade ImageMagick to version 7.1.2-13 or 6.9.13-38 or later", "If rebuilding from source, apply the patch from the ImageMagick repository to the XBM decoder", "Disable or reject XBM image uploads unless the format is absolutely required"], "summary": {"action": "Patch", "impact": "Arbitrary code execution via heap buffer overflow in XBM decoder"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the ImageMagick image manipulation suite. All releases of ImageMagick older than 7.1.2-13 and 6.9.13-38 are impacted. The fix is delivered in ImageMagick 7.1.2\u201113 and 6.9.13\u201138 and later builds.", "description_and_impact": "A heap buffer overflow exists in the XBM image decoder of ImageMagick prior to versions 7.1.2-13 and 6.9.13-38. The flaw is triggered when the decoder processes a maliciously crafted XBM file, causing it to write attacker\u2011controlled data beyond the bounds of a heap buffer. This allows an attacker to corrupt memory and potentially execute arbitrary code, falling under CWE\u2011122 and CWE\u2011190 weaknesses.", "risk_and_exploitability": "The CVSS score of 8.1 indicates high severity, and the EPSS score of less than 1% suggests low current exploitation probability, though the flaw remains unpatched in many deployments. Any operation that reads or identifies an XBM image\u2014such as image upload, thumbnail generation, or format conversion\u2014can trigger the overflow. Exploitation requires the ability to supply a crafted XBM file to the ImageMagick decoder, which many web services, content management systems, or image processing pipelines provide."}}}}, "created": "2026-01-20T08:40:12.814745+00:00", "updated": "2026-04-18T05:00:06.032851+00:00", "vendors": ["imagemagick", "imagemagick$PRODUCT$imagemagick"]}