CVE-2026-48734

Published: Jun 10, 2026Modified: Jun 11, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: security-advisories@github.com (Secondary)

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, a crafted MVG file could result in a stack overflow due to a missing depth or visited-set check. This issue has been patched in versions 6.9.13-49 and 7.1.2-24.

Affected (2)

Products: Imagemagick: Imagemagick

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Imagemagick Imagemagick	Before 6.9.13-49
Imagemagick Imagemagick	From 7.0.0-0 to 7.1.2-24

Related CWEs

Uncontrolled Recursion

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

References (1)

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h36c-3666-h489

Source: security-advisories@github.com

Vendor Advisory

Timeline

No history available yet.