{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28687", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-02T21:43:19.927Z", "datePublished": "2026-03-09T21:37:24.006Z", "dateUpdated": "2026-03-10T16:01:57.138Z"}, "containers": {"cna": {"title": "ImageMagick has a Heap Use-After-Free in ImageMagick MSL decoder", "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "lang": "en", "description": "CWE-416: Use After Free", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fpvf-frm6-625q", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fpvf-frm6-625q"}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"version": ">= 7.0.0, < 7.1.2-16", "status": "affected"}, {"version": "< 6.9.13-41", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-09T21:37:24.006Z"}, "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap use-after-free vulnerability in ImageMagick's MSL decoder allows an attacker to trigger access to freed memory by crafting an MSL file. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41."}], "source": {"advisory": "GHSA-fpvf-frm6-625q", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-10T16:01:50.513169Z", "id": "CVE-2026-28687", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T16:01:57.138Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28687", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-10T16:01:50.513169Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T16:01:53.982Z"}}], "cna": {"title": "ImageMagick has a Heap Use-After-Free in ImageMagick MSL decoder", "source": {"advisory": "GHSA-fpvf-frm6-625q", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"status": "affected", "version": ">= 7.0.0, < 7.1.2-16"}, {"status": "affected", "version": "< 6.9.13-41"}]}], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fpvf-frm6-625q", "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fpvf-frm6-625q", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap use-after-free vulnerability in ImageMagick's MSL decoder allows an attacker to trigger access to freed memory by crafting an MSL file. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416: Use After Free"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-09T21:37:24.006Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28687", "state": "PUBLISHED", "dateUpdated": "2026-03-10T16:01:57.138Z", "dateReserved": "2026-03-02T21:43:19.927Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-09T21:37:24.006Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFFB7C48-4211-4215-9C0B-D285B8E09CF1", "versionEndExcluding": "6.9.13-41", "vulnerable": true}, {"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "865783BD-5A33-4D05-AF99-E6EFE76414D1", "versionEndExcluding": "7.1.2-16", "versionStartIncluding": "7.0.0-0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap use-after-free vulnerability in ImageMagick's MSL decoder allows an attacker to trigger access to freed memory by crafting an MSL file. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41."}], "id": "CVE-2026-28687", "lastModified": "2026-03-12T15:09:43.583", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-10T07:43:43.660", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fpvf-frm6-625q"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "ImageMagick: ImageMagick: Heap use-after-free vulnerability allows denial of service via crafted MSL file", "id": "2445897", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445897"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-825", "details": ["A flaw was found in ImageMagick, free and open-source software used for editing and manipulating digital images. A heap use-after-free vulnerability in ImageMagick's MSL (Magick Scripting Language) decoder allows an attacker to trigger access to freed memory by crafting a malicious MSL file. This can lead to a denial of service."], "mitigation": {"lang": "en:us", "value": "To reduce the risk of exploitation, avoid processing untrusted or suspicious MSL files with ImageMagick. Implement strict input validation and ensure that ImageMagick only processes files from trusted sources. If ImageMagick is deployed in a server environment, consider isolating the application within a sandboxed environment to limit potential impact."}, "name": "CVE-2026-28687", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2026-03-09T21:37:24Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-28687\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-28687\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fpvf-frm6-625q"], "statement": "MODERATE: This flaw in ImageMagick's MSL decoder allows an attacker to trigger access to freed memory by processing a specially crafted MSL file. This could lead to application crashes or potentially arbitrary code execution. Red Hat Enterprise Linux 6 ELS and 7 ELS are affected by this vulnerability.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.0.0,7.1.2-16)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.9.13-41)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ImageMagick", "source": "cna", "vendor": "ImageMagick"}, "product": "imagemagick", "vendor": "imagemagick"}], "analysis": {"en": {"generated_at": "2026-04-16T10:08:57.149064+00:00", "value": {"mitigation_remediation": ["Upgrade ImageMagick to version\u202f7.1.2\u201116 or later, or\u202f6.9.13\u201141 or later.", "If an upgrade is not immediately possible, disable processing of MSL files or restrict access to the functionality that parses MSL images.", "Apply vendor security advisories and monitor the ImageMagick project for subsequent patches or additional mitigations."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "All ImageMagick releases older than 7.1.2\u201116 and 6.9.13\u201141 are affected. Systems that still run those legacy versions need to update to the patched releases to eliminate the flaw.", "description_and_impact": "The vulnerability is a heap use\u2011after\u2011free in ImageMagick\u2019s MSL decoder. By crafting a malicious MSL file, an attacker can trigger access to freed memory, potentially causing a crash or unexpected application behavior. The core weakness is captured by CWE\u2011416 and CWE\u2011825, and may lead to denial of service or, in some exploitation scenarios, remote code execution if the freed memory can be overwritten.", "risk_and_exploitability": "The CVSS base score of 5.3 indicates moderate severity. The EPSS score is reported as less than 1\u202f%, meaning exploitation likelihood is low but not impossible. The vulnerability is not listed in the CISA KEV catalog, so no large\u2011scale attacks have been documented. The attack vector appears to be local file processing; an attacker must supply a crafted MSL image to the vulnerable ImageMagick instance, and no explicit authentication is required by the description."}}}}, "created": "2026-03-10T14:06:52.545753+00:00", "updated": "2026-04-16T10:15:26.109851+00:00", "vendors": ["imagemagick", "imagemagick$PRODUCT$imagemagick"]}