CVE-2026-40312

CWE-1936 documents4 sources
Severity
6.2MEDIUM
EPSS
No EPSS data
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Imagemagick Imagemagick
Timeline
PublishedApr 13

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, an off by one error in the MSL decoder could result in a crash when a malicous MSL file is read. This issue has been fixed in version 7.1.2-19.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.5 | Impact: 3.6

Affected Packages1 packages

CVEListV5imagemagick/imagemagick< 7.1.2-19

🔴Vulnerability Details

1
CVEList
ImageMagick: Off-by-One in MSL decoder could result in crash2026-04-13

📋Vendor Advisories

1
Red Hat
ImageMagick: Magick.NET: ImageMagick and Magick.NET: Denial of Service via malicious MSL file processing2026-04-13

💬Community

3
Bugzilla
CVE-2026-40312 ImageMagick: Magick.NET: ImageMagick and Magick.NET: Denial of Service via malicious MSL file processing2026-04-13
Bugzilla
CVE-2026-40312 ImageMagick: ImageMagick and Magick.NET: Denial of Service via malicious MSL file processing [fedora-all]2026-04-13
Bugzilla
CVE-2026-40312 ImageMagick: ImageMagick and Magick.NET: Denial of Service via malicious MSL file processing [epel-all]2026-04-13
CVE-2026-40312 (MEDIUM CVSS 6.2) | ImageMagick is free and open-source | cvebase.io