{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40311", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-10T21:41:54.505Z", "datePublished": "2026-04-13T21:36:44.262Z", "dateUpdated": "2026-04-14T15:48:36.521Z"}, "containers": {"cna": {"title": "ImageMagick: Heap-use-after-free via XMP profile could result in a crash when printing values", "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "lang": "en", "description": "CWE-416: Use After Free", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-693", "lang": "en", "description": "CWE-693: Protection Mechanism Failure", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r83h-crwp-3vm7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r83h-crwp-3vm7"}, {"name": "https://github.com/ImageMagick/ImageMagick/commit/5facfecf1abb3fed46a08f614dcc43d1e548e20d", "tags": ["x_refsource_MISC"], "url": "https://github.com/ImageMagick/ImageMagick/commit/5facfecf1abb3fed46a08f614dcc43d1e548e20d"}, {"name": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "tags": ["x_refsource_MISC"], "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19"}, {"name": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0"}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"version": "< 7.1.2-19", "status": "affected"}, {"version": "< 6.9.13-44", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-13T21:36:44.262Z"}, "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.9.13-44 contain a heap use-after-free vulnerability that can cause a crash when reading and printing values from an invalid XMP profile. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19."}], "source": {"advisory": "GHSA-r83h-crwp-3vm7", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-14T15:48:25.480967Z", "id": "CVE-2026-40311", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T15:48:36.521Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40311", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T15:48:25.480967Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T15:48:32.477Z"}}], "cna": {"title": "ImageMagick: Heap-use-after-free via XMP profile could result in a crash when printing values", "source": {"advisory": "GHSA-r83h-crwp-3vm7", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"status": "affected", "version": "< 7.1.2-19"}, {"status": "affected", "version": "< 6.9.13-44"}]}], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r83h-crwp-3vm7", "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r83h-crwp-3vm7", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/ImageMagick/ImageMagick/commit/5facfecf1abb3fed46a08f614dcc43d1e548e20d", "name": "https://github.com/ImageMagick/ImageMagick/commit/5facfecf1abb3fed46a08f614dcc43d1e548e20d", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "name": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "name": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.9.13-44 contain a heap use-after-free vulnerability that can cause a crash when reading and printing values from an invalid XMP profile. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416: Use After Free"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-693", "description": "CWE-693: Protection Mechanism Failure"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-13T21:36:44.262Z"}}}, "cveMetadata": {"cveId": "CVE-2026-40311", "state": "PUBLISHED", "dateUpdated": "2026-04-14T15:48:36.521Z", "dateReserved": "2026-04-10T21:41:54.505Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-13T21:36:44.262Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "FEBAB6BF-AFEC-4D29-95E8-88C4585C9896", "versionEndExcluding": "6.9.13-44", "vulnerable": true}, {"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "80D20334-B25F-479D-A411-DBD1364D303C", "versionEndExcluding": "7.1.2-19", "versionStartIncluding": "7.0.0-0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.9.13-44 contain a heap use-after-free vulnerability that can cause a crash when reading and printing values from an invalid XMP profile. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19."}], "id": "CVE-2026-40311", "lastModified": "2026-04-17T20:43:48.057", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-13T22:16:29.950", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/ImageMagick/ImageMagick/commit/5facfecf1abb3fed46a08f614dcc43d1e548e20d"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r83h-crwp-3vm7"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}, {"lang": "en", "value": "CWE-693"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "ImageMagick: Magick.NET: ImageMagick: Denial of Service via heap use-after-free in XMP profile processing", "id": "2458051", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458051"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-825", "details": ["A flaw was found in ImageMagick. This heap use-after-free vulnerability can be triggered when processing an invalid XMP (Extensible Metadata Platform) profile. An attacker could craft a malicious image file that, when read and processed by ImageMagick, may lead to a crash, resulting in a denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-40311", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2026-04-13T21:36:44Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-40311\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-40311\nhttps://github.com/ImageMagick/ImageMagick/commit/5facfecf1abb3fed46a08f614dcc43d1e548e20d\nhttps://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r83h-crwp-3vm7\nhttps://github.com/dlemstra/Magick.NET/releases/tag/14.12.0"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,7.1.2-19)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.9.13-44)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ImageMagick", "source": "cna", "vendor": "ImageMagick"}, "product": "imagemagick", "vendor": "imagemagick"}], "analysis": {"en": {"generated_at": "2026-04-14T01:35:28.241561+00:00", "value": {"mitigation_remediation": ["Upgrade ImageMagick to version 7.1.2\u201119 or later, or 6.9.13\u201144 or later.", "If upgrading immediately is not possible, avoid processing XMP metadata from untrusted sources until a patch is applied.", "Monitor for crash logs and consider isolating image processing in a restricted environment."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service (Crash)"}, "threat_synthesis": {"affected_systems": "The vulnerability affects ImageMagick releases older than 7.1.2\u201119 and 6.9.13\u201144 across all supported operating systems. Users running those versions should review their deployments.", "description_and_impact": "A heap use\u2011after\u2011free flaw in ImageMagick allows a crafted XMP profile to trigger an invalid memory access during value printing, leading to a crash. The defect does not provide code execution but results in denial of service. The weakness is identified as a use\u2011after\u2011free (CWE\u2011416).", "risk_and_exploitability": "The CVSS score of 5.5 indicates moderate severity. EPSS data is unavailable, and the issue is not in the CISA KEV list. Exploiting the flaw requires an attacker to supply a malicious XMP profile to an application that loads ImageMagick, resulting in a crash. The attack vector is likely local or remote depending on the application boundary, but no privilege escalation or remote code execution is demonstrated."}}}}, "created": "2026-04-14T16:17:06.484470+00:00", "updated": "2026-04-14T16:32:57.726196+00:00", "vendors": ["imagemagick", "imagemagick$PRODUCT$imagemagick"]}