MEDIUM 5.3

CVE-2026-45358: ImageMagick Off-by-One Meta Encoder Information Disclosure

ImageMagick, widely used image processing software, contains an off-by-one error in its meta encoder that allows reading a single byte of memory beyond intended bounds. An unauthenticated attacker can trigger this vulnerability over the network without user interaction, potentially exposing sensitive information from the application's memory. The vulnerability affects ImageMagick versions prior to 6.9.13-47 (legacy branch) and 7.1.2-22 (current branch).

Source data · NVD / CISA · public domain

CVSS
3.1 · 5.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Weaknesses (CWE)
CWE-125, CWE-193
Affected products
1 configuration(s)
Published / Modified
2026-06-10 / 2026-06-17

NVD description (verbatim)

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, an off by one in the meta encoder could result in an out of bounds read of a single byte in the meta encoder. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.

1 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

The vulnerability stems from an off-by-one error (CWE-193) in the meta encoder component, resulting in an out-of-bounds read of one byte. The flaw is reachable via network input without authentication or user action, as indicated by the CVSS vector. While limited to reading a single byte, this can leak sensitive data from adjacent memory regions—credentials, encryption keys, or other secrets—depending on heap/stack layout and what data coincides with the vulnerable buffer boundary. The condition exists because bounds checking in the encoder's loop or array indexing logic failed to account for an off-by-one margin.

Business impact

Exploitation could expose confidential information processed or stored by systems running vulnerable ImageMagick instances, particularly where image metadata handling involves sensitive data. This is most concerning in cloud image processing services, content management systems, and automated image pipeline tools. While confidentiality is the primary risk (no code execution or integrity impact), information disclosure can compromise API keys, user data, or intermediate processing artifacts. The attack surface is broad because image uploads are common in web applications.

Affected systems

ImageMagick versions 6.9.13-46 and earlier in the 6.9.x line, and versions 7.1.2-21 and earlier in the 7.x line. Any system or application that uses ImageMagick for image processing and ingests untrusted images is potentially exposed. This includes web applications with file upload features, automated batch image processors, containerized environments using ImageMagick base images, and content delivery platforms. Check your deployment's ImageMagick version via `convert -version` or equivalent.

Exploitability

Exploitation requires only network access and the ability to submit an image file to a service running vulnerable ImageMagick; no authentication, user interaction, or complex manipulation is needed. An attacker can craft a specially formatted image that triggers the off-by-one condition during meta encoder processing. The barrier to exploitation is low, though the practical value of leaked data depends on timing, memory layout, and what secrets happen to reside near the vulnerable buffer. No known public exploits or KEV inclusion indicate this is not yet under active mass exploitation, but the straightforward attack vector warrants prompt patching.

Remediation

Upgrade ImageMagick to version 6.9.13-47 or later (6.9.x branch) or version 7.1.2-22 or later (7.x branch). Most users should target 7.1.2-22 or newer unless constrained to the legacy 6.9.x line. Verify the patched version is installed by running `convert -version` and confirming the version number. In environments where immediate patching is not feasible, disable or restrict image upload functionality, isolate ImageMagick processing to sandboxed or air-gapped systems, and monitor for suspicious image submissions.

Patch guidance

Patch availability: ImageMagick 6.9.13-47 and 7.1.2-22 contain the fix. Check your package manager (apt, yum, brew, etc.) for availability; some Linux distributions may lag upstream releases. Compile from source if necessary at imagemagick.org. For containerized deployments, rebuild images with the patched version and redeploy. For systems using ImageMagick as a library (e.g., via ImageMagick-sharp, python-wand), ensure your wrapper library version is updated to link against patched ImageMagick. Test image processing workflows after patching to confirm compatibility.

Detection guidance

Monitor ImageMagick process execution and system calls for unusual memory access patterns or crashes in the meta encoder (difficult to detect without deep instrumentation). More practical: log all image uploads and their sources; correlate image submissions with any memory disclosure or crash events in application logs. Search your environment for ImageMagick versions via package managers, running process audits, or container scanning. Set up alerts for any image processing failures that could indicate attack attempts. Consider network-based detection by inspecting image files for malformed metadata that triggers the encoder.

Why prioritize this

MEDIUM severity (CVSS 5.3) reflects information disclosure without code execution. However, prioritize this above score suggests because: (1) network-reachable with no auth; (2) common software in image-heavy applications; (3) potential for sensitive data leaks; (4) patches are available and low-risk to deploy. Organizations handling confidential images, user uploads, or metadata-rich workflows should patch urgently. Others should prioritize within a standard patching cycle (2–4 weeks).

Risk score, explained

CVSS 5.3 (Medium) accounts for: AV:N (network-reachable), AC:L (low complexity, simple crafted input), PR:N (no privilege required), UI:N (no user interaction needed), S:U (no scope change), C:L (limited confidentiality impact—one byte leak), I:N (no integrity impact), A:N (no availability impact). The score appropriately reflects that while the attack is easy to mount, the direct damage per incident is constrained. However, contextual risk may be higher in systems processing secrets or PII.

Frequently asked questions

Can this vulnerability lead to remote code execution?

No. The vulnerability is limited to reading one byte of memory. It does not allow writing to memory or executing code. However, the disclosed byte could theoretically be part of a more complex exploitation chain if combined with other vulnerabilities.

Do I need to restart services after patching ImageMagick?

Yes. Any application or service using ImageMagick must be restarted to load the patched library. For web applications, restart the app server. For batch processors or daemons, restart those services. Verify the new version is running via version check commands.

What if I cannot patch immediately?

Implement defense-in-depth: restrict image uploads to trusted sources, disable image processing for untrusted inputs, run ImageMagick in a restricted environment (container, VM, sandboxed user), and monitor logs for anomalies. These mitigations reduce (but do not eliminate) risk.

Does this affect all image formats?

The vulnerability is in the meta encoder, which processes image metadata across multiple formats (JPEG, PNG, GIF, etc.). Any image format that ImageMagick decodes and whose metadata is processed by the vulnerable encoder code could trigger the issue.

This analysis is based on the CVE record and publicly available information as of the publication date. Actual risk varies by deployment, data sensitivity, and network exposure. Organizations should conduct their own vulnerability assessment and threat modeling. Patch versions and vendor advisories are provided for reference; verify against official ImageMagick releases before deployment. SEC.co does not warrant the accuracy of third-party version information or patch availability; confirm patched versions with your vendor or distribution maintainer. Source: NVD (public-domain), retrieved 2026-07-19. Analysis generated by SEC.co (claude-haiku-4-5).