ImageMagick: Policy Bypass in MNG coder could_CVE-2026-45664

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, because of a missing check in the MNG coder it would be possible to read more images than the list limit policy would allow resulting in excessive resource use. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.

Basic Information

ID CVE-2026-45664

Source GitHub_M

Published Jun 10, 2026 at 21:30

Affected Product

Vendor ImageMagick

Product ImageMagick

Version < 6.9.13-47

Affected Versions ImageMagick ImageMagick < 6.9.13-47
ImageMagick ImageMagick < 7.1.2-22

CWE Classification

CWE-400 CWE-407 CWE-674

References

github.com /ImageMagick/ImageMagick/security/advisories/GHSA-g5mf-wqq5-vwg6

{
    "lastseen": "",
    "description": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, because of a missing check in the MNG coder it would be possible to read more images than the list limit policy would allow resulting in excessive resource use. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.",
    "published": "2026-06-10T21:30:51.855Z",
    "modified": "2026-06-10T21:30:51.855Z",
    "type": "cve",
    "title": "ImageMagick: Policy Bypass in MNG coder could",
    "source": "GitHub_M",
    "references": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g5mf-wqq5-vwg6",
    "id": "CVE-2026-45664",
    "bulletinFamily": "",
    "cwe": [
        "CWE-400",
        "CWE-407",
        "CWE-674"
    ],
    "cvelist": null,
    "sourceData": "ImageMagick ImageMagick < 6.9.13-47\nImageMagick ImageMagick < 7.1.2-22",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ImageMagick",
    "version": "< 6.9.13-47",
    "vendor": "ImageMagick",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}