wid-sec-w-2026-0744 · Published 2026-03-16 · View on BSI CERT-Bund ↗

ImageMagick: Vulnerability allows Denial of Service

CVSS 5.3 MEDIUM

Risk Summary

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-17 and 6.9.13-42, the NewXMLTree method contains a bug that could result in a crash due to an out of write bounds of a single zero byte. Versions 7.1.2-17 and 6.9.13-42 fix the issue.

CVEs (1)

CVE-2026-32636

Affected Vendors

Amazon Open Source SUSE Ubuntu

Affected Products (4)

Open Source · ImageMagick <7.1.2-17

Open Source · ImageMagick 7.1.2-17

Open Source · ImageMagick <6.9.13-42

Open Source · ImageMagick 6.9.13-42

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more