CVE-2026-40183

CWE-122 — Heap-based Buffer Overflow CWE-787 — Out-of-bounds Write6 documents4 sources

Severity

5.5MEDIUM

EPSS

No EPSS data

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Imagemagick

Timeline

PublishedApr 13

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, the JXL encoder has an heap write overflow when a user specifies that the image should be encoded as 16 bit floats. This issue has been fixed in version 7.1.2-19.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶CVEListV5imagemagick/imagemagick< 7.1.2-19

🔴Vulnerability Details

CVEList

ImageMagick: Heap buffer overflow when encoding JXL image with a 16-bit float↗2026-04-13

▶

📋Vendor Advisories

Red Hat

ImageMagick: Magick.NET: ImageMagick: Denial of Service via heap write overflow in JXL encoder↗2026-04-13

▶

💬Community

Bugzilla

CVE-2026-40183 ImageMagick: ImageMagick: Denial of Service via heap write overflow in JXL encoder [fedora-all]↗2026-04-13

▶

Bugzilla

CVE-2026-40183 ImageMagick: ImageMagick: Denial of Service via heap write overflow in JXL encoder [epel-all]↗2026-04-13

▶

Bugzilla

CVE-2026-40183 ImageMagick: Magick.NET: ImageMagick: Denial of Service via heap write overflow in JXL encoder↗2026-04-13

▶