ImageMagick has a heap Buffer Over-read in its DJVU image format handler
Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride (row size) for pixel buffer allocation. The stride calculation overflows a 32-bit signed integer, so the pixel buffer is allocated smaller than the decoder assumes, resulting in out-of-bounds memory reads. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A heap buffer over-read in ImageMagick's DJVU image handler due to integer truncation in stride calculation.
A heap buffer over-read vulnerability exists in ImageMagick's DJVU image format handler, affecting versions prior to 7.1.2-15 and 6.9.13-40. The flaw is caused by integer truncation when calculating the stride (row size) for pixel buffer allocation. The stride calculation overflows a 32-bit signed integer, leading to an out-of-bounds memory read condition [1].
Exploitation requires processing a specially crafted DJVU file. The vulnerability is triggered during image decoding when the stride calculation overflows, causing the buffer allocation to be undersized. This allows an attacker to cause the decoder to read memory beyond the allocated buffer bounds. No authentication is required, as the attack vector is remote through file parsing [1][4].
A successful exploit could result in information disclosure via out-of-bounds memory reads, potentially leaking data from adjacent heap memory, or in a crash of the decoding process when the read runs past mapped memory. The vulnerability is a read, not a write, so it does not by itself allow code execution; the practical impact depends on how the application consumes the decoded pixel data [1].
Both ImageMagick 7.1.2-15 and 6.9.13-40 contain a patch that corrects the stride calculation to prevent integer overflow. Users are strongly advised to update to these patched versions. The issue is also tracked as GitHub Security Advisory GHSA-r99p-5442-q2x2 [1][3][4].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
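The stride truncation described in the description and the narrative above, as an added illustration in C. This is not ImageMagick's DJVU coder and does not model DJVU's real chunk layout: the `image_hdr` struct, the `channels` field, the `max_bytes` budget (a stand-in for a pixel-cache resource limit) and every function name are assumptions made for the demo. It shows the vulnerable pattern (row size formed in a 32-bit signed int, so the exact product is truncated and the buffer sized from it is too small for the rows the decoder walks) next to a hardened version that computes in `size_t`, checks both multiplications for overflow and rejects oversized images instead of allocating.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>

/* Hypothetical header: the three attacker-controlled fields that feed a
 * stride calculation. Not DJVU's actual on-disk layout. */
typedef struct {
    uint32_t width;     /* from the file */
    uint32_t height;    /* from the file */
    uint32_t channels;  /* bytes per pixel, from the file */
} image_hdr;

/* Vulnerable pattern: the row size lands in a 32-bit signed int, so only the
 * low 32 bits of width*channels survive. The exact product is formed in
 * uint64_t and then cast so the demo itself avoids signed-overflow UB. */
static int32_t stride_truncated(const image_hdr *h)
{
    uint64_t exact = (uint64_t)h->width * h->channels;
    return (int32_t)(uint32_t)exact;  /* wraps on gcc/clang */
}

/* Bytes the vulnerable path would allocate from the truncated stride, or 0
 * when the truncated value is <= 0 (that path fails to allocate at all). */
static size_t alloc_size_truncated(const image_hdr *h)
{
    int32_t stride = stride_truncated(h);
    if (stride <= 0)
        return 0;
    return (size_t)stride * h->height;
}

/* Would a row-by-row decode that walks the *real* row length run past the
 * buffer sized from the truncated stride? Since both sizes are stride*height,
 * comparing the strides is exact. Returns 1 (over-read), 0 (fits), or
 * -1 (no buffer: allocation of 0 bytes / negative stride). */
static int decode_would_overread(const image_hdr *h)
{
    if (alloc_size_truncated(h) == 0)
        return -1;
    uint64_t real_stride = (uint64_t)h->width * h->channels;
    return real_stride > (uint64_t)stride_truncated(h) ? 1 : 0;
}

/* Hardened pattern: compute in size_t, reject on any overflow and against an
 * explicit byte budget (max_bytes is an assumed resource limit, not an
 * ImageMagick API). Returns 1 and fills *stride/*total, or 0 on rejection. */
static int stride_checked(const image_hdr *h, size_t max_bytes,
                          size_t *stride, size_t *total)
{
    if (h->width == 0 || h->height == 0 || h->channels == 0)
        return 0;
    if (h->width > SIZE_MAX / h->channels)
        return 0;                          /* width*channels would overflow */
    size_t s = (size_t)h->width * h->channels;
    if (s > SIZE_MAX / h->height)
        return 0;                          /* stride*height would overflow */
    size_t t = s * h->height;
    if (t > max_bytes)
        return 0;                          /* exceeds the budget */
    *stride = s;
    *total = t;
    return 1;
}

/* Bounded decode: allocate from the checked size and fill each row, touching
 * only bytes inside the allocation. Returns bytes written, 0 if rejected. */
static size_t decode_checked(const image_hdr *h, size_t max_bytes)
{
    size_t stride, total;
    if (!stride_checked(h, max_bytes, &stride, &total))
        return 0;
    unsigned char *pixels = malloc(total);
    if (pixels == NULL)
        return 0;
    for (uint32_t y = 0; y < h->height; y++)
        for (size_t x = 0; x < stride; x++)
            pixels[(size_t)y * stride + x] = (unsigned char)y;
    free(pixels);
    return total;
}

int main(void)
{
    /* Constructed inputs: a benign header, and one whose width*channels is
     * 0x100000004, which truncates to a stride of 4 bytes per row. */
    image_hdr benign  = { 64, 16, 4 };
    image_hdr hostile = { 0x40000001u, 16, 4 };
    printf("benign : stride %d overread=%d decoded %zu bytes\n",
           stride_truncated(&benign), decode_would_overread(&benign),
           decode_checked(&benign, (size_t)1 << 30));
    printf("hostile: stride %d overread=%d decoded %zu bytes\n",
           stride_truncated(&hostile), decode_would_overread(&hostile),
           decode_checked(&hostile, (size_t)1 << 30));
    return 0;
}
```

The hostile header is the shape of input a fuzzer finds for this bug class: dimensions chosen so the 32-bit product wraps to something small and plausible, so the allocation succeeds and the decoder then walks real-sized rows through a 64-byte buffer. A width that wraps the product to a negative `int` instead (0x20000000 * 4) takes the other path, a failed or rejected allocation, which is why the checked version tests every multiplication and a budget rather than just the sign of the result.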
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package (NuGet) | Affected versions | Patched versions |
|---|---|---|
| Magick.NET-Q16-AnyCPU | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-HDRI-AnyCPU | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-HDRI-OpenMP-arm64 | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-HDRI-OpenMP-x64 | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-HDRI-arm64 | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-HDRI-x64 | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-HDRI-x86 | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-OpenMP-arm64 | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-OpenMP-x64 | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-OpenMP-x86 | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-arm64 | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-x64 | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-x86 | < 14.10.3 | 14.10.3 |
| Magick.NET-Q8-AnyCPU | < 14.10.3 | 14.10.3 |
| Magick.NET-Q8-OpenMP-arm64 | < 14.10.3 | 14.10.3 |
| Magick.NET-Q8-OpenMP-x64 | < 14.10.3 | 14.10.3 |
| Magick.NET-Q8-arm64 | < 14.10.3 | 14.10.3 |
| Magick.NET-Q8-x64 | < 14.10.3 | 14.10.3 |
| Magick.NET-Q8-x86 | < 14.10.3 | 14.10.3 |
Affected products
- (no CPE) range: < 7.1.2-15 && < 6.9.13-40
- (no CPE) range: < 6.9.13-40
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1. github.com/advisories/GHSA-r99p-5442-q2x2 (GHSA, advisory)
2. nvd.nist.gov/vuln/detail/CVE-2026-27799 (GHSA, advisory)
3. github.com/ImageMagick/ImageMagick/commit/e87695b3227978ad70b967b8d054baaf8ac2cced (GHSA, x_refsource_MISC, web)
4. github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r99p-5442-q2x2 (GHSA, x_refsource_CONFIRM, web)
5. github.com/dlemstra/Magick.NET/releases/tag/14.10.3 (GHSA, x_refsource_MISC, web)
News mentions
No linked articles in our index yet.