ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, an out-of-bounds write of a zero byte exists in the X11 `display` intera

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, an out-of-bounds write of a zero byte exists in the X11 `display` interaction path that could lead to a crash. Versions 7.1.2-18 and 6.9.13-43 patch the issue.

Affected Products

Vendor	Product	Versions
ImageMagick	ImageMagick	6.9.13-42, 7.1.2-17

References

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mw3m-pqr2-qv7c

Related News (2 articles)

Tier C

VulDB12h ago

CVE-2026-33535 | ImageMagick up to 6.9.13-42/7.1.2-17 Image Parser out-of-bounds write (GHSA-mw3m-pqr2-qv7c)

→ No new info (linked only)

Tier B

BSI Advisories1d ago

[NEU] [mittel] ImageMagick: Mehrere Schwachstellen ermöglichen Denial of Service

→ No new info (linked only)

CVSS 3.14.0 CRITICAL

VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-787

Published3/26/2026

Last enriched2h agov4

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Version History

Last enriched 2h ago

v4Tier C2h ago

Updated severity to CRITICAL and noted that the vulnerability is actively exploited.

severityactivelyExploited

via VulDB

v3Tier C10h ago

Updated description with critical vulnerability details, changed severity to CRITICAL, and added affected versions 6.9.13-42 and 7.1.2-17.

affectedVersions

via VulDB

v2Tier B11h ago

Updated vendor and product to ImageMagick, changed severity to HIGH, and marked the vulnerability as actively exploited with a new tag for Denial of Service.

vendorproducttags

via BSI Advisories

v112h ago

Initial creation

Vendor

Product

Versions

ImageMagick

6.9.13-42, 7.1.2-17