Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder (ReadXBMImage) allows an attacker to write controlled data past the allocated heap buffer when processing a maliciously crafted image file. Any operation that reads or identifies an image can trigger the overflow, making it exploitable via common image upload and processing pipelines. Versions 7.1.2-13 and 6.9.13-38 fix the issue.

INFO

Published Date :

2026-01-20T01:01:38.527Z

Last Modified :

2026-02-26T14:44:46.038Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-23876 vulnerability.

Vendors Products
Imagemagick
  • Imagemagick
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-23876.

URL Resource
https://github.com/ImageMagick/ImageMagick/commit/2fae24192b78fdfdd27d766fd21d90aeac6ea8b8 cve-icon cve-icon cve-icon
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r49w-jqq3-3gx8 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-23876 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-23876 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact