CVE-2026-40169

CWE-122Heap-based Buffer OverflowCWE-787Out-of-bounds Write6 documents4 sources
Severity
6.2MEDIUM
EPSS
No EPSS data
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Imagemagick Imagemagick
Timeline
PublishedApr 13

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out of bounds heap write when writing a yaml or json output, resulting in a crash. This issue has been fixed in version 7.1.2-19.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.5 | Impact: 3.6

Affected Packages1 packages

CVEListV5imagemagick/imagemagick< 7.1.2-19

🔴Vulnerability Details

1
CVEList
ImageMagick: Heap buffer overflow (WRITE) in the YAML and JSON encoders2026-04-13

📋Vendor Advisories

1
Red Hat
ImageMagick: Magick.NET: ImageMagick: Denial of Service via crafted image leading to out-of-bounds write2026-04-13

💬Community

3
Bugzilla
CVE-2026-40169 ImageMagick: ImageMagick: Denial of Service via crafted image leading to out-of-bounds write [epel-all]2026-04-13
Bugzilla
CVE-2026-40169 ImageMagick: Magick.NET: ImageMagick: Denial of Service via crafted image leading to out-of-bounds write2026-04-13
Bugzilla
CVE-2026-40169 ImageMagick: ImageMagick: Denial of Service via crafted image leading to out-of-bounds write [fedora-all]2026-04-13
CVE-2026-40169 (MEDIUM CVSS 6.2) | ImageMagick is free and open-source | cvebase.io