CVE-2026-45664
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, because of a missing check in the MNG coder it would be possible to read more images than the list limit policy would allow resulting in excessive resource use. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ImageMagick | ImageMagick | < 6.9.13-47 | affected |
| ImageMagick | ImageMagick | < 7.1.2-22 | affected |
Weaknesses
- CWE-400: CWE-400: Uncontrolled Resource Consumption
- CWE-407: CWE-407: Inefficient Algorithmic Complexity
- CWE-674: CWE-674: Uncontrolled Recursion
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
ImageMagick: ImageMagick: Denial of Service due to excessive resource use in MNG coder
Additional References
- https://access.redhat.com/security/cve/CVE-2026-45664
- https://bugzilla.redhat.com/show_bug.cgi?id=2487732
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45664.json
- https://access.redhat.com/errata/RHSA-2026:32961
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.