wid-sec-w-2026-0643 · Published 2026-03-09 · View on BSI CERT-Bund ↗

ImageMagick: Multiple Vulnerabilities

CVSS 8.1 HIGH

Risk Summary

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, A heap-buffer-overflow vulnerability exists in the PCL encode due to an undersized output buffer allocation. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

CVEs (17)

CVE-2026-28493 CVE-2026-28494 CVE-2026-28686 CVE-2026-28687 CVE-2026-28688 CVE-2026-28689 CVE-2026-28690 CVE-2026-28691 CVE-2026-28692 CVE-2026-28693 CVE-2026-30883 CVE-2026-30929 CVE-2026-30931 CVE-2026-30935 CVE-2026-30936 CVE-2026-30937 CVE-2026-31853

Affected Vendors

Amazon Debian Open Source Red Hat SUSE Ubuntu

Affected Products (4)

Open Source · ImageMagick <7.1.2-16

Open Source · ImageMagick 7.1.2-16

Open Source · ImageMagick <6.9.13-41

Open Source · ImageMagick 6.9.13-41

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more