CVE-2026-23876
Published 2026-01-20
Priority: P357 · Severity: critical · CVSS 3.1 base score: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.61% (44.7th percentile)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder (ReadXBMImage) allows an attacker to write controlled data past the allocated heap buffer when processing a maliciously crafted image file. Any operation that reads or identifies an image can trigger the overflow, making it exploitable via common image upload and processing pipelines. Versions 7.1.2-13 and 6.9.13-38 fix the issue.
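As an added example (not code from this feed, NVD, or the ImageMagick project), the following Python implements the two checks a pipeline owner wants from the description above: a version comparison against the fixed upstream releases 7.1.2-13 and 6.9.13-38, and a content sniff plus a policy.xml stanza that keeps XBM input away from the coder until the update lands. The fixed versions and the coder name come from the advisory; the function names, the sample inputs and the hypothetical pipeline guard are this example's own. The `coder` policy domain with `rights="none"` is standard ImageMagick policy.xml syntax.

```python
"""
Added example for CVE-2026-23876 (not code from the CVE feed, NVD, or the
ImageMagick project).  Only two facts come from the advisory: the fixed
upstream releases 7.1.2-13 and 6.9.13-38, and that the overflow is in the
XBM coder (ReadXBMImage).  Function names, sample inputs and the policy
snippet are this example's own.
"""
import re

# Fixed upstream releases named in the advisory, as (major, minor, patch, release).
FIXED_7 = (7, 1, 2, 13)
FIXED_6 = (6, 9, 13, 38)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(text):
    """Extract A.B.C-D from a string such as the first line of `magick -version`
    or `convert -version`.  Returns a tuple so plain tuple comparison works."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError("no ImageMagick version found in %r" % text)
    return tuple(int(g) for g in m.groups())


def is_vulnerable(version_text):
    """True when the upstream version is below the fixed release of its series
    (7.x before 7.1.2-13, 6.x before 6.9.13-38).  Caveat: distro packages that
    backport the fix keep an older upstream number (Debian bookworm ships
    6.9.11.60 and fixed this in 8:6.9.11.60+dfsg-1.6+deb12u6), so for those
    compare the package revision against the vendor's fixed-in value instead."""
    v = parse_version(version_text)
    if v[0] == 7:
        return v < FIXED_7
    if v[0] == 6:
        return v < FIXED_6
    return False  # no other major series is listed as affected on this page


def looks_like_xbm(data):
    """ImageMagick selects the coder from leading bytes, not the file extension,
    and its magic table maps a leading "#define" to XBM.  A file uploaded as
    photo.png with this content still reaches ReadXBMImage, so a pre-filter has
    to sniff content rather than trust the name."""
    return data.startswith(b"#define")


def policy_xml(denied_coders=("XBM",)):
    """Render a policy.xml that denies the named coders.  Installed into the
    ImageMagick policy directory (typically /etc/ImageMagick-7/policy.xml or
    /etc/ImageMagick-6/policy.xml) it makes identify/convert refuse XBM input
    until the patched package is installed."""
    lines = ["<policymap>"]
    for coder in denied_coders:
        lines.append('  <policy domain="coder" rights="none" pattern="%s" />' % coder)
    lines.append("</policymap>")
    return "\n".join(lines) + "\n"


def should_block_upload(version_text, data):
    """Hypothetical pipeline guard: reject XBM content while the local build is
    unpatched."""
    return is_vulnerable(version_text) and looks_like_xbm(data)


# Constructed sample inputs (not real captures).
SAMPLE_XBM = (b"#define demo_width 8\n#define demo_height 1\n"
              b"static unsigned char demo_bits[] = { 0xff };\n")
SAMPLE_PNG_HEAD = b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"
SAMPLE_VERSION_LINES = [
    "Version: ImageMagick 7.1.2-12 Q16-HDRI x86_64",
    "Version: ImageMagick 7.1.2-13 Q16-HDRI x86_64",
    "Version: ImageMagick 6.9.13-37 Q16 x86_64",
    "Version: ImageMagick 6.9.13-38 Q16 x86_64",
]


def main():
    for line in SAMPLE_VERSION_LINES:
        print("%-45s vulnerable=%s" % (line, is_vulnerable(line)))
    print("xbm sample sniffed as XBM:", looks_like_xbm(SAMPLE_XBM))
    print("png sample sniffed as XBM:", looks_like_xbm(SAMPLE_PNG_HEAD))
    print("block XBM upload on 7.1.2-12:",
          should_block_upload(SAMPLE_VERSION_LINES[0], SAMPLE_XBM))
    print(policy_xml(), end="")


if __name__ == "__main__":
    main()
```

In a real pipeline, feed `is_vulnerable` the first line of `magick -version` and `looks_like_xbm` the first bytes of the upload, and treat the policy.xml stanza as a stopgap rather than the fix. On Debian and Ubuntu builds the upstream number stays below 7.1.2-13 / 6.9.13-38 even after the backported fix, so compare the installed package revision against the fixed-in values listed on this page (for example with `dpkg --compare-versions`) instead of trusting the upstream string.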
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian (bookworm) | imagemagick | < 8:6.9.11.60+dfsg-1.6+deb12u6 | 8:6.9.11.60+dfsg-1.6+deb12u6 |
| imagemagick | imagemagick | < 7.1.2-13 | 7.1.2-13 |
| imagemagick | imagemagick | < 6.9.13-38 | 6.9.13-38 |
| debian (bullseye) | imagemagick | >= 0 < 8:6.9.11.60+dfsg-1.3+deb11u9 | 8:6.9.11.60+dfsg-1.3+deb11u9 |
| debian (bookworm) | imagemagick | >= 0 < 8:6.9.11.60+dfsg-1.6+deb12u6 | 8:6.9.11.60+dfsg-1.6+deb12u6 |
| debian (trixie) | imagemagick | >= 0 < 8:7.1.1.43+dfsg1-1+deb13u5 | 8:7.1.1.43+dfsg1-1+deb13u5 |
| debian (forky, sid) | imagemagick | >= 0 < 8:7.1.2.13+dfsg1-1 | 8:7.1.2.13+dfsg1-1 |
| imagemagick | imagemagick | >= 7.0.0-0 < 7.1.2-13 | 7.1.2-13 |
The Debian rows carry the distribution package revision, not the upstream version: bullseye and bookworm fix this with a backport to 6.9.11.60, so a check that only compares the upstream version against 6.9.13-38 will misclassify a patched Debian host as vulnerable.
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| NVD (v3.1) | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| OSV | 9.8 | CRITICAL | |
| Debian | 8.1 | HIGH | |
| Red Hat | 8.1 | HIGH | |
Ubuntu
ImageMagick vulnerability
vendor_ubuntu · 2026-02-10
Summary: ImageMagick could be made to crash or run programs as your login if it opened a specially crafted file.
Benny Isaacs discovered that ImageMagick did not properly manage memory when processing certain image files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
ImageMagick: Arbitrary code execution via a crafted XBM image file
vendor_redhat · 2026-01-20 · CVSS 8.1 · HIGH · CWE-787
A flaw was found in ImageMagick. A heap buffer overflow, a type of memory corruption, in the XBM image decoder (ReadXBMImage) allows a remote attacker to write controlled data beyond the
Debian
CVE-2026-23876: imagemagick
vendor_debian · 2026 · CVSS 8.1 · HIGH
Scope: local
bookworm: resolved (fixed in 8:6.9.11.60+dfsg-1.6+deb12u6)
bullseye: resolved (fixed in 8:6.9.11.60+dfsg-1.3+deb11u9)
forky: resolved (fixed in 8:7.1.2.13+dfsg1-1)
sid: resolved (fixed in 8:7.1.2.13+dfsg1-1)
trixie: resolved (fixed in 8:7.1.1.43+dfsg1-1+d
OSV
CVE-2026-23876
osv · 2026-01-20 · CVSS 9.8 · CRITICAL
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-23876 ImageMagick: Arbitrary code execution via a crafted XBM image file [fedora-42]
bugzilla · 2026-01-20 · CVSS 9.8 · CRITICAL
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of '42'.
Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained
Wiz
CVE-2026-23876 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 8.1 · HIGH
ImageMagick vulnerability analysis and mitigation
Source: NVD
Score: 9.8
Published: January 20, 2026
Severity: CRITICAL
CNA Score: 8.1
Affected Technologies: ImageMagick, Linux Red Hat
Has Public Exploit: Yes
Has CISA KEV Exploit: No
References
https://github.com/ImageMagick/ImageMagick/commit/2fae24192b78fdfdd27d766fd21d90aeac6ea8b8
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r49w-jqq3-3gx8
https://access.redhat.com/errata/RHSA-2026:3058
https://access.redhat.com/security/cve/CVE-2026-23876
https://bugzilla.redhat.com/show_bug.cgi?id=2431038
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23876.json