GHSA-q8h3-jv9v-57qx

LOW3.3

ImageMagick has has an off-by-one origin validation in allows out-of-bounds read in morphology processing

Published Apr 14, 2026

Modified 1 weeks ago

Fix available

Details

An incorrect morphology would allow an out of bounds read of a single pixel.

==1200284==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5100000002d0 at pc 0x59e28e60c27a bp 0x7fff047fd8e0 sp 0x7fff047fd8d0
READ of size 4 at 0x5100000002d0 thread T0

Affected Packages(18 packages)

Magick.NET-Q16-AnyCPU

NuGet

Fixed in:

14.12.0

Magick.NET-Q16-HDRI-AnyCPU

NuGet

Fixed in:

14.12.0

Magick.NET-Q16-HDRI-OpenMP-arm64

NuGet

Fixed in:

14.12.0

Magick.NET-Q16-HDRI-OpenMP-x64

NuGet

Fixed in:

14.12.0

Magick.NET-Q16-HDRI-arm64

NuGet

Fixed in:

14.12.0

Magick.NET-Q16-HDRI-x64

NuGet

Fixed in:

14.12.0

Magick.NET-Q16-HDRI-x86

NuGet

Fixed in:

14.12.0

Magick.NET-Q16-OpenMP-arm64

NuGet

Fixed in:

14.12.0

Magick.NET-Q16-OpenMP-x64

NuGet

Fixed in:

14.12.0

Magick.NET-Q16-arm64

NuGet

Fixed in:

14.12.0

References

PACKAGE

https://github.com/ImageMagick/ImageMagick

WEB

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q8h3-jv9v-57qx

ADVISORY

https://github.com/advisories/GHSA-q8h3-jv9v-57qx

CVSS Analysis

CVSS v3.1

3.3

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

RequiredUI:R

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

LowA:L

3.3/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Ecosystems

NuGet

Timeline

PublishedApr 14, 2026

ModifiedApr 16, 2026

GHSA-q8h3-jv9v-57qx | Mondoo Vulnerability Intelligence