VDB
CVE-2026-40169
CVE-2026-40169
PUBLISHED
CVSS 6.199999809265137 MEDIUM
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out of bounds heap write when writing a yaml or json output, resulting in a crash. This issue has been fixed in version 7.1.2-19.
EPSS 0.00% · 0.3th percentile
Risk Scores
CVSS v3.1
6.199999809265137
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.00%
0.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ImageMagick | ImageMagick | * |
Timeline
- Apr 13, 2026 CVE Published
- Apr 14, 2026 EPSS Score
- Apr 15, 2026 Security Advisory
- Apr 17, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
References
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5592-p365-24xh url
- https://github.com/ImageMagick/ImageMagick/commit/f86452a8aea37bf2b4bd36127f836dcc5f138b38 url
- https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19 url
- https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0 url