CVE-2026-34238

ImageMagick: Integer overflow in despeckle operation causes heap buffer overflow on 32-bit builds

Severity Score

5.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, an integer overflow in the despeckle operation causes a heap buffer overflow on 32-bit builds that will result in an out of bounds write. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.

*Credits: N/A

CVSS Scores

GitHubv3.1 5.1

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2026-03-26 CVE Reserved
2026-04-13 CVE Published
2026-04-14 CVE Updated
2026-05-15 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-190: Integer Overflow or Wraparound
CWE-787: Out-of-bounds Write

CAPEC

References (4)

URL	Tag	Source
https://github.com/ImageMagick/ImageMagick/commit/bcd8519c70ecd9ebbc180920f2cf97b267d1f440	X_refsource_misc
https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19	X_refsource_misc
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-26qp-ffjh-2x4v	X_refsource_confirm
https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
ImageMagick Search vendor "ImageMagick"		ImageMagick Search vendor "ImageMagick" for product "ImageMagick"				< 6.9.13 Search vendor "ImageMagick" for product "ImageMagick" and version " < 6.9.13"		en		Affected
ImageMagick Search vendor "ImageMagick"		ImageMagick Search vendor "ImageMagick" for product "ImageMagick"				< 7.1.2 Search vendor "ImageMagick" for product "ImageMagick" and version " < 7.1.2"		en		Affected