{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33899", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-24T15:41:47.490Z", "datePublished": "2026-04-13T20:46:43.781Z", "dateUpdated": "2026-04-16T13:26:40.513Z"}, "containers": {"cna": {"title": "ImageMagick: Heap BufferOverflow write of single zero byte when parsing XML", "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "lang": "en", "description": "CWE-122: Heap-based Buffer Overflow", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-191", "lang": "en", "description": "CWE-191: Integer Underflow (Wrap or Wraparound)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cr67-pvmx-2pp2", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cr67-pvmx-2pp2"}, {"name": "https://github.com/ImageMagick/ImageMagick/commit/ae679e2fd19ec656bfab9f822ae4cf06bf91604d", "tags": ["x_refsource_MISC"], "url": "https://github.com/ImageMagick/ImageMagick/commit/ae679e2fd19ec656bfab9f822ae4cf06bf91604d"}, {"name": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "tags": ["x_refsource_MISC"], "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19"}, {"name": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0"}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"version": "< 6.9.13-44", "status": "affected"}, {"version": "< 7.1.2-19", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-13T20:46:43.781Z"}, "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when `Magick` parses an XML file it is possible that a single zero byte is written out of the bounds. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19."}], "source": {"advisory": "GHSA-cr67-pvmx-2pp2", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33899", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-16T13:22:04.220155Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T13:26:40.513Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33899", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-16T13:22:04.220155Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T13:26:19.443Z"}}], "cna": {"title": "ImageMagick: Heap BufferOverflow write of single zero byte when parsing XML", "source": {"advisory": "GHSA-cr67-pvmx-2pp2", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"status": "affected", "version": "< 6.9.13-44"}, {"status": "affected", "version": "< 7.1.2-19"}]}], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cr67-pvmx-2pp2", "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cr67-pvmx-2pp2", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/ImageMagick/ImageMagick/commit/ae679e2fd19ec656bfab9f822ae4cf06bf91604d", "name": "https://github.com/ImageMagick/ImageMagick/commit/ae679e2fd19ec656bfab9f822ae4cf06bf91604d", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "name": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "name": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when `Magick` parses an XML file it is possible that a single zero byte is written out of the bounds. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-191", "description": "CWE-191: Integer Underflow (Wrap or Wraparound)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-13T20:46:43.781Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33899", "state": "PUBLISHED", "dateUpdated": "2026-04-16T13:26:40.513Z", "dateReserved": "2026-03-24T15:41:47.490Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-13T20:46:43.781Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "FEBAB6BF-AFEC-4D29-95E8-88C4585C9896", "versionEndExcluding": "6.9.13-44", "vulnerable": true}, {"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "80D20334-B25F-479D-A411-DBD1364D303C", "versionEndExcluding": "7.1.2-19", "versionStartIncluding": "7.0.0-0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when `Magick` parses an XML file it is possible that a single zero byte is written out of the bounds. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19."}], "id": "CVE-2026-33899", "lastModified": "2026-04-17T21:20:26.970", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-13T21:16:25.170", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/ImageMagick/ImageMagick/commit/ae679e2fd19ec656bfab9f822ae4cf06bf91604d"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cr67-pvmx-2pp2"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}, {"lang": "en", "value": "CWE-191"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "ImageMagick: Magick.NET: ImageMagick: Denial of Service via out-of-bounds write in XML parsing", "id": "2458026", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458026"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-805", "details": ["A flaw was found in ImageMagick. When processing a specially crafted XML file, a remote attacker could exploit an out-of-bounds write vulnerability. This could lead to a denial of service, making the affected program unavailable."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-33899", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2026-04-13T20:46:43Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-33899\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-33899\nhttps://github.com/ImageMagick/ImageMagick/commit/ae679e2fd19ec656bfab9f822ae4cf06bf91604d\nhttps://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cr67-pvmx-2pp2\nhttps://github.com/dlemstra/Magick.NET/releases/tag/14.12.0"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.9.13-44)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,7.1.2-19)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ImageMagick", "source": "cna", "vendor": "ImageMagick"}, "product": "imagemagick", "vendor": "imagemagick"}], "analysis": {"en": {"generated_at": "2026-04-14T01:36:37.952168+00:00", "value": {"mitigation_remediation": ["Update ImageMagick to 7.1.2\u201119 or later", "For 6.x users, upgrade to at least 6.9.13\u201144", "If an immediate update is not possible, avoid parsing untrusted XML files with Magick"], "summary": {"action": "Apply patch", "impact": "Out-of-bounds write; memory corruption"}, "threat_synthesis": {"affected_systems": "The affected product is ImageMagick. Versions earlier than 7.1.2-189 and 6.9.13-44 are vulnerable. ImageMagick developers have issued a fix that was released in version 7.1.2\u201119 and in 6.9.13\u201144, effectively removing the error from later builds.", "description_and_impact": "Parsing of an XML file in ImageMagick may trigger a heap buffer overflow that writes a single zero byte past the end of an allocated buffer. This overrun can corrupt memory, potentially leading to unstable system behavior or higher\u2011level exploitation such as local code execution. The flaw is classified under the CWE identifiers for heap buffer overflow (CWE\u2011122), signed integer overflow (CWE\u2011191), and out\u2011of\u2011bounds write (CWE\u2011805). The CVSS score for this vulnerability is 5.3, indicating a medium severity.", "risk_and_exploitability": "With a CVSS score of 5.3 and no publicly documented exploits, the likelihood of remote exploitation appears low; however, the vulnerability still permits local or internal attackers to corrupt memory by feeding crafted XML files to a running instance of Magick, potentially elevating privileges or causing denial of service. The lack of EPSS data and its absence from CISA's KEV catalog suggest limited exploitation activity, yet the known severity warrants prompt remediation."}}}}, "created": "2026-04-14T16:18:09.886776+00:00", "updated": "2026-04-14T16:33:16.846997+00:00", "vendors": ["imagemagick", "imagemagick$PRODUCT$imagemagick"]}