{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32259", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-11T15:05:48.397Z", "datePublished": "2026-03-12T19:38:12.192Z", "dateUpdated": "2026-03-13T16:14:03.956Z"}, "containers": {"cna": {"title": "ImageMagick has a possible stack buffer overflow in sixel encoder", "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "lang": "en", "description": "CWE-121: Stack-based Buffer Overflow", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-49hx-7656-jpg3", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-49hx-7656-jpg3"}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"version": ">= 7.0.0, < 7.1.2-16", "status": "affected"}, {"version": "< 6.9.13-41", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-12T19:38:12.192Z"}, "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, when a memory allocation fails in the sixel encoder it would be possible to write past the end of a buffer on the stack. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41."}], "source": {"advisory": "GHSA-49hx-7656-jpg3", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-13T16:13:57.120549Z", "id": "CVE-2026-32259", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T16:14:03.956Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "ImageMagick has a possible stack buffer overflow in sixel encoder", "source": {"advisory": "GHSA-49hx-7656-jpg3", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"status": "affected", "version": ">= 7.0.0, < 7.1.2-16"}, {"status": "affected", "version": "< 6.9.13-41"}]}], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-49hx-7656-jpg3", "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-49hx-7656-jpg3", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, when a memory allocation fails in the sixel encoder it would be possible to write past the end of a buffer on the stack. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-12T19:38:12.192Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32259", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-13T16:13:57.120549Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-03-13T16:13:59.926Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-32259", "state": "PUBLISHED", "dateUpdated": "2026-03-12T19:38:12.192Z", "dateReserved": "2026-03-11T15:05:48.397Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-12T19:38:12.192Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFFB7C48-4211-4215-9C0B-D285B8E09CF1", "versionEndExcluding": "6.9.13-41", "vulnerable": true}, {"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "865783BD-5A33-4D05-AF99-E6EFE76414D1", "versionEndExcluding": "7.1.2-16", "versionStartIncluding": "7.0.0-0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, when a memory allocation fails in the sixel encoder it would be possible to write past the end of a buffer on the stack. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41."}, {"lang": "es", "value": "ImageMagick es software libre y de c\u00f3digo abierto utilizado para editar y manipular im\u00e1genes digitales. Antes de 7.1.2-16 y 6.9.13-41, cuando una asignaci\u00f3n de memoria falla en el codificador sixel, ser\u00eda posible escribir m\u00e1s all\u00e1 del final de un b\u00fafer en la pila. Esta vulnerabilidad est\u00e1 corregida en 7.1.2-16 y 6.9.13-41."}], "id": "CVE-2026-32259", "lastModified": "2026-03-18T14:29:45.200", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-12T20:16:05.863", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-49hx-7656-jpg3"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "ImageMagick: stack-based buffer overflow in sixel encoder", "id": "2447112", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447112"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "status": "draft"}, "cwe": "CWE-121", "details": ["A flaw was found in ImageMagick. Processing a specially crafted file with the sixel encoder can cause a stack-based buffer overflow when a memory allocation fails, leading to a denial of service."], "mitigation": {"lang": "en:us", "value": "To mitigate this vulnerability, disable the vulnerable encoder by adding the following line to the ImageMagick policy.xml file, typically located in the directory /etc/ImageMagick-7/, /etc/ImageMagick-6/ or /etc/ImageMagick/:\n~~~\n<policy domain=\"coder\" rights=\"none\" pattern=\"sixel\" />\n~~~\nTo reduce the risk of exploitation, avoid processing sixel files from untrusted sources. If ImageMagick is deployed in a way that it processes files from untrusted sources automatically, consider running the application inside a container or a restricted sandbox environment to limit the potential security impact."}, "name": "CVE-2026-32259", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2026-03-12T19:38:12Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-32259\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-32259\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-49hx-7656-jpg3"], "statement": "To exploit this issue, an attacker needs to convince a user to process a specially crafted file that makes ImageMagick use the sixel encoder.\nDefault Red Hat Enterprise Linux security features, including SELinux enforcement, Address Space Layout Randomization (ASLR) and NX (No-Execute) stack protection, significantly increase the difficulty of achieving arbitrary code execution, limiting the impact of this vulnerability to a denial of service.\nDue to these reasons, this vulnerability has been rated with a moderate severity.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.0.0,7.1.2-16)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.9.13-41)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ImageMagick", "source": "cna", "vendor": "ImageMagick"}, "product": "imagemagick", "vendor": "imagemagick"}], "analysis": {"en": {"generated_at": "2026-03-18T15:10:50.751614+00:00", "value": {"mitigation_remediation": ["Update ImageMagick to version 7.1.2-16 or newer, or 6.9.13-41 or a later release.", "Verify that the upgrade has been applied correctly by checking the installed version.", "If an update cannot be performed immediately, avoid processing sixel encoded images until the fix is applied.", "Monitor vendor advisories for any additional patches or recommendations."], "summary": {"action": "Patch Immediately", "impact": "Stack Buffer Overflow"}, "threat_synthesis": {"affected_systems": "Affected product is ImageMagick. Versions before 7.1.2-16 and before 6.9.13-41 are vulnerable. The vulnerability is fixed in ImageMagick 7.1.2-16 and 6.9.13-41.", "description_and_impact": "ImageMagick has a possible stack buffer overflow in its sixel encoder. When a memory allocation fails during sixel encoding, the program can write beyond the end of a stack buffer, potentially corrupting memory. This flaw is a classic stack buffer overflow (CWE-121) that could lead to exploitation such as arbitrary code execution or program termination, depending on the attacker's control over the input.", "risk_and_exploitability": "The CVSS severity is 6.7 (Medium). EPSS indicates a very low likelihood of exploitation (<1%). It is not listed in the CISA Known Exploited Vulnerabilities catalog. The likely attack vector involves processing a malicious sixel-encoded image; therefore, local or remote attacker with ability to submit such data to the vulnerable ImageMagick instance could exploit the flaw."}}}}, "created": "2026-03-13T09:50:02.351460+00:00", "updated": "2026-03-23T09:54:51.694543+00:00", "vendors": ["imagemagick", "imagemagick$PRODUCT$imagemagick"]}