GHSA-2gq3-ww97-wfjm | Mondoo Vulnerability Intelligence

GHSA-2gq3-ww97-wfjm

LOW3.7

ImageMagick has a possible heap Use After Free vulnerability in its meta coder

Published Feb 25, 2026

Modified 1 weeks ago

Fix available

Details

A heap Use After Free vulnerability exists in the meta coder when an allocation fails and a single byte is written to a stale pointer.

==535852==ERROR: AddressSanitizer: heap-use-after-free on address 0x5210000088ff at pc 0x5581bacac14d bp 0x7ffdf667edf0 sp 0x7ffdf667ede0
WRITE of size 1 at 0x5210000088ff thread T0

Affected Packages(17 packages)

Magick.NET-Q16-AnyCPU

NuGet

Fixed in:

14.10.3

Magick.NET-Q16-HDRI-AnyCPU

NuGet

Fixed in:

14.10.3

Magick.NET-Q16-HDRI-OpenMP-arm64

NuGet

Fixed in:

14.10.3

Magick.NET-Q16-HDRI-OpenMP-x64

NuGet

Fixed in:

14.10.3

Magick.NET-Q16-HDRI-arm64

NuGet

Fixed in:

14.10.3

Magick.NET-Q16-HDRI-x64

NuGet

Fixed in:

14.10.3

Magick.NET-Q16-HDRI-x86

NuGet

Fixed in:

14.10.3

Magick.NET-Q16-OpenMP-arm64

NuGet

Fixed in:

14.10.3

Magick.NET-Q16-OpenMP-x64

NuGet

Fixed in:

14.10.3

Magick.NET-Q16-OpenMP-x86

NuGet

Fixed in:

14.10.3

References

PACKAGE

https://github.com/ImageMagick/ImageMagick

WEB

https://github.com/ImageMagick/ImageMagick/commit/f5049954f12c6fcf090a776767526d2a4708d58b

WEB

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2gq3-ww97-wfjm

ADVISORY

https://github.com/advisories/GHSA-2gq3-ww97-wfjm

CVSS Analysis

CVSS v3.1

3.7

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

HighAC:H

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

LowA:L

3.7/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Ecosystems

NuGet

Timeline

PublishedFeb 25, 2026

ModifiedFeb 25, 2026