{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27799", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-24T02:31:33.266Z", "datePublished": "2026-02-25T23:20:25.204Z", "dateUpdated": "2026-02-26T17:04:08.122Z"}, "containers": {"cna": {"title": "ImageMagick has a heap Buffer Over-read in its DJVU image format handler", "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "lang": "en", "description": "CWE-122: Heap-based Buffer Overflow", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-126", "lang": "en", "description": "CWE-126: Buffer Over-read", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r99p-5442-q2x2", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r99p-5442-q2x2"}, {"name": "https://github.com/ImageMagick/ImageMagick/commit/e87695b3227978ad70b967b8d054baaf8ac2cced", "tags": ["x_refsource_MISC"], "url": "https://github.com/ImageMagick/ImageMagick/commit/e87695b3227978ad70b967b8d054baaf8ac2cced"}, {"name": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3", "tags": ["x_refsource_MISC"], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3"}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"version": "< 6.9.13-40", "status": "affected"}, {"version": ">= 7.0.0, < 7.1.2-15", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-25T23:20:25.204Z"}, "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride (row size) for pixel buffer allocation. The stride calculation overflows a 32-bit signed integer, resulting in an out-of-bounds memory reads. Versions 7.1.2-15 and 6.9.13-40 contain a patch."}], "source": {"advisory": "GHSA-r99p-5442-q2x2", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-26T17:03:55.887716Z", "id": "CVE-2026-27799", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T17:04:08.122Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27799", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-26T17:03:55.887716Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T17:04:02.801Z"}}], "cna": {"title": "ImageMagick has a heap Buffer Over-read in its DJVU image format handler", "source": {"advisory": "GHSA-r99p-5442-q2x2", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"status": "affected", "version": "< 6.9.13-40"}, {"status": "affected", "version": ">= 7.0.0, < 7.1.2-15"}]}], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r99p-5442-q2x2", "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r99p-5442-q2x2", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/ImageMagick/ImageMagick/commit/e87695b3227978ad70b967b8d054baaf8ac2cced", "name": "https://github.com/ImageMagick/ImageMagick/commit/e87695b3227978ad70b967b8d054baaf8ac2cced", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3", "name": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride (row size) for pixel buffer allocation. The stride calculation overflows a 32-bit signed integer, resulting in an out-of-bounds memory reads. Versions 7.1.2-15 and 6.9.13-40 contain a patch."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-126", "description": "CWE-126: Buffer Over-read"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-25T23:20:25.204Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27799", "state": "PUBLISHED", "dateUpdated": "2026-02-26T17:04:08.122Z", "dateReserved": "2026-02-24T02:31:33.266Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-25T23:20:25.204Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6F44A65-1733-4752-AAD0-BCCC7BDBC877", "versionEndExcluding": "6.9.13-40", "vulnerable": true}, {"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AFFD439-1068-4B6F-AE01-724AC62CDCEA", "versionEndExcluding": "7.1.2-15", "versionStartIncluding": "7.0.0-0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dlemstra:magick.net:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5891403-B079-4CD7-BA2A-361146A2F475", "versionEndExcluding": "14.10.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride (row size) for pixel buffer allocation. The stride calculation overflows a 32-bit signed integer, resulting in an out-of-bounds memory reads. Versions 7.1.2-15 and 6.9.13-40 contain a patch."}, {"lang": "es", "value": "ImageMagick es un software libre y de c\u00f3digo abierto utilizado para editar y manipular im\u00e1genes digitales. Antes de las versiones 7.1.2-15 y 6.9.13-40, existe una vulnerabilidad de lectura excesiva de b\u00fafer de pila en el gestor del formato de imagen DJVU. La vulnerabilidad ocurre debido a un truncamiento de enteros al calcular el 'stride' (tama\u00f1o de fila) para la asignaci\u00f3n del b\u00fafer de p\u00edxeles. El c\u00e1lculo del 'stride' desborda un entero con signo de 32 bits, lo que resulta en lecturas de memoria fuera de l\u00edmites. Las versiones 7.1.2-15 y 6.9.13-40 contienen un parche."}], "id": "CVE-2026-27799", "lastModified": "2026-02-27T16:01:02.333", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-26T00:16:25.393", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/ImageMagick/ImageMagick/commit/e87695b3227978ad70b967b8d054baaf8ac2cced"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r99p-5442-q2x2"}, {"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}, {"lang": "en", "value": "CWE-126"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "ImageMagick: ImageMagick: Denial of Service and data corruption due to crafted DJVU image processing", "id": "2442879", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442879"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "status": "draft"}, "cwe": "CWE-125", "details": ["A flaw was found in ImageMagick, a software suite used for editing and manipulating digital images. This vulnerability, a heap buffer over-read, exists within the component that handles DJVU image files. A local attacker could exploit this by processing a specially crafted DJVU image, leading to an error where the software miscalculates memory allocation due to an integer truncation. This causes the software to attempt to read memory outside its designated boundaries, which can result in a denial of service or potentially corrupt data."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, avoid processing untrusted DJVU image files with ImageMagick. For server deployments, restrict network access to services that use ImageMagick for image processing. As an additional measure, consider disabling the DJVU delegate in ImageMagick's policy.xml configuration to prevent the processing of DJVU files. This may impact functionality that relies on DJVU image support."}, "name": "CVE-2026-27799", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2026-02-25T23:20:25Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-27799\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-27799\nhttps://github.com/ImageMagick/ImageMagick/commit/e87695b3227978ad70b967b8d054baaf8ac2cced\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r99p-5442-q2x2\nhttps://github.com/dlemstra/Magick.NET/releases/tag/14.10.3"], "statement": "This MODERATE impact vulnerability in ImageMagick involves a heap buffer over-read within the DJVU image format handler. The flaw occurs due to an integer truncation during stride calculation for pixel buffer allocation, leading to out-of-bounds memory reads when processing a specially crafted DJVU image. Red Hat Enterprise Linux 6 ELS and 7 ELS are affected.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.9.13-40)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.0.0,7.1.2-15)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ImageMagick", "source": "cna", "vendor": "ImageMagick"}, "product": "imagemagick", "vendor": "imagemagick"}], "analysis": {"en": {"generated_at": "2026-04-17T14:43:06.833847+00:00", "value": {"mitigation_remediation": ["Update ImageMagick to version 7.1.2-15 or newer, or 6.9.13-40 or newer, and update Magick.NET to 14.10.3 or later to apply the patch.", "If an immediate upgrade is not feasible, disable DJVU image format support in the ImageMagick configuration to prevent the vulnerable code path from executing.", "Run image processing in a sandboxed or partially trusted environment to limit the impact of any potential memory read."], "summary": {"action": "Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 are affected. The flaw also applies to users that employ the .NET wrapper Magick.NET, which relies on the underlying ImageMagick libraries. The security notes reference patches that are included starting in those versions, and Magick.NET releases 14.10.3 incorporate the fix.", "description_and_impact": "The vulnerability arises from an integer truncation bug in the calculation of the stride for the pixel buffer while parsing DJVU images. This causes a 32\u2011bit signed integer overflow, leading to a heap buffer over\u2011read that can expose arbitrary heap memory contents. The flaw is a classic buffer over\u2011read (CWE-122/125/126) and could result in information disclosure or potential corruption of data processed by ImageMagick.", "risk_and_exploitability": "The CVSS score of 4.0 indicates a moderate severity, and the EPSS of less than 1% implies a very low expected exploitation rate. It is not listed in the CISA KEV catalog, so no confirmed exploit is known. Based on the type of vulnerability, the attack would require a crafted DJVU image to be processed by the affected library. If the library is used in a public\u2011facing application, an attacker could potentially trigger the buffer over\u2011read by uploading such a file, exposing sensitive heap data."}}}}, "created": "2026-02-26T13:10:37.030973+00:00", "updated": "2026-04-17T14:45:21.040185+00:00", "vendors": ["imagemagick", "imagemagick$PRODUCT$imagemagick"]}