{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28493", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-27T20:57:47.708Z", "datePublished": "2026-03-09T21:29:39.035Z", "dateUpdated": "2026-03-10T17:17:04.148Z"}, "containers": {"cna": {"title": "ImageMagick has a Integer Overflow leading to out of bounds write in SIXEL decoder", "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "lang": "en", "description": "CWE-190: Integer Overflow or Wraparound", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r39q-jr8h-gcq2", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r39q-jr8h-gcq2"}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"version": "< 7.1.2-16", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-09T21:29:39.035Z"}, "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, an integer overflow vulnerability exists in the SIXEL decoer. The vulnerability allows an attacker to perform an out of bounds via a specially crafted image. This vulnerability is fixed in 7.1.2-16."}], "source": {"advisory": "GHSA-r39q-jr8h-gcq2", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-10T17:16:54.419872Z", "id": "CVE-2026-28493", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T17:17:04.148Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28493", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-10T17:16:54.419872Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T17:16:59.765Z"}}], "cna": {"title": "ImageMagick has a Integer Overflow leading to out of bounds write in SIXEL decoder", "source": {"advisory": "GHSA-r39q-jr8h-gcq2", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"status": "affected", "version": "< 7.1.2-16"}]}], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r39q-jr8h-gcq2", "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r39q-jr8h-gcq2", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, an integer overflow vulnerability exists in the SIXEL decoer. The vulnerability allows an attacker to perform an out of bounds via a specially crafted image. This vulnerability is fixed in 7.1.2-16."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-09T21:29:39.035Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28493", "state": "PUBLISHED", "dateUpdated": "2026-03-10T17:17:04.148Z", "dateReserved": "2026-02-27T20:57:47.708Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-09T21:29:39.035Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "E20BE285-7F97-4156-AFD3-80B9CFC8B945", "versionEndExcluding": "7.1.2-16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, an integer overflow vulnerability exists in the SIXEL decoer. The vulnerability allows an attacker to perform an out of bounds via a specially crafted image. This vulnerability is fixed in 7.1.2-16."}], "id": "CVE-2026-28493", "lastModified": "2026-03-12T15:19:11.260", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-10T07:43:39.867", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r39q-jr8h-gcq2"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "ImageMagick: ImageMagick: Denial of Service and information disclosure via integer overflow in SIXEL decoder", "id": "2445883", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445883"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "status": "draft"}, "cwe": "CWE-190", "details": ["A flaw was found in ImageMagick. An integer overflow vulnerability exists in the SIXEL decoder, which allows a remote attacker to perform an out-of-bounds write via a specially crafted image. This can lead to a Denial of Service (DoS) and potentially information disclosure."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, avoid processing untrusted SIXEL image files with ImageMagick. If ImageMagick must process untrusted content, consider running it within a sandboxed environment to limit potential impact."}, "name": "CVE-2026-28493", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2026-03-09T21:29:39Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-28493\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-28493\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r39q-jr8h-gcq2"], "statement": "This MODERATE impact vulnerability affects ImageMagick in Red Hat Enterprise Linux and Community Projects. An integer overflow in the SIXEL decoder can lead to an out-of-bounds write when processing a specially crafted image, potentially resulting in a denial of service or other undefined behavior.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,7.1.2-16)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ImageMagick", "source": "cna", "vendor": "ImageMagick"}, "product": "imagemagick", "vendor": "imagemagick"}], "analysis": {"en": {"generated_at": "2026-04-17T11:51:14.350856+00:00", "value": {"mitigation_remediation": ["Upgrade ImageMagick to version 7.1.2\u201116 or later.", "If an upgrade cannot be performed immediately, restrict or filter image inputs so that only trusted sources are processed, or disable SIXEL decoding for untrusted images.", "Disable the SIXEL decoder entirely if it is not needed for your application, or run ImageMagick processes in a restricted environment to limit the impact of a potential exploit."], "summary": {"action": "Immediate Patch", "impact": "Out-of-bounds write via integer overflow"}, "threat_synthesis": {"affected_systems": "The flaw affects the ImageMagick software family, specifically all releases prior to version 7.1.2\u201116. Systems running any earlier 7.x series or previous major releases are vulnerable if they compile or ship the legacy decoder component and accept external image input.", "description_and_impact": "ImageMagick, a widely-used image processing library, contains an integer overflow in its SIXEL decoder. The overflow can lead to an out-of-bounds write when a specially crafted image is parsed, potentially corrupting memory and causing crashes or enabling an attacker to execute arbitrary code. This vulnerability otherwise remains a local flaw that can be triggered by any entity able to influence image decoding, such as a user, a network service, or a malicious third\u2011party resource.", "risk_and_exploitability": "The CVSS base score of 6.5 indicates a moderate severity, and the EPSS of less than 1% signals a very low but non\u2011zero likelihood of exploitation. ImageMagick is not listed in the CISA KEV catalog, suggesting no publicly known active exploitation at the time of analysis. The attack vector is inferred to be a malformed image received or processed locally or by a service that uses ImageMagick, which can trigger the out\u2011of\u2011bounds write without requiring elevated privileges."}}}}, "created": "2026-03-10T14:06:55.153830+00:00", "updated": "2026-04-17T12:00:11.755708+00:00", "vendors": ["imagemagick", "imagemagick$PRODUCT$imagemagick"]}