Medium severity4.0NVD Advisory· Published Mar 26, 2026· Updated Apr 2, 2026
CVE-2026-33535
CVE-2026-33535
Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, an out-of-bounds write of a zero byte exists in the X11 display interaction path that could lead to a crash. Versions 7.1.2-18 and 6.9.13-43 patch the issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
Magick.NET-Q16-AnyCPUNuGet | < 14.11.1 | 14.11.1 |
Magick.NET-Q16-HDRI-AnyCPUNuGet | < 14.11.1 | 14.11.1 |
Magick.NET-Q16-HDRI-OpenMP-arm64NuGet | < 14.11.1 | 14.11.1 |
Magick.NET-Q16-HDRI-arm64NuGet | < 14.11.1 | 14.11.1 |
Magick.NET-Q16-HDRI-x64NuGet | < 14.11.1 | 14.11.1 |
Magick.NET-Q16-HDRI-x86NuGet | < 14.11.1 | 14.11.1 |
Magick.NET-Q16-OpenMP-arm64NuGet | < 14.11.1 | 14.11.1 |
Magick.NET-Q16-OpenMP-x64NuGet | < 14.11.1 | 14.11.1 |
Magick.NET-Q16-OpenMP-x86NuGet | < 14.11.1 | 14.11.1 |
Magick.NET-Q16-arm64NuGet | < 14.11.1 | 14.11.1 |
Magick.NET-Q16-x64NuGet | < 14.11.1 | 14.11.1 |
Magick.NET-Q16-x86NuGet | < 14.11.1 | 14.11.1 |
Magick.NET-Q8-AnyCPUNuGet | < 14.11.1 | 14.11.1 |
Magick.NET-Q8-OpenMP-arm64NuGet | < 14.11.1 | 14.11.1 |
Magick.NET-Q8-OpenMP-x64NuGet | < 14.11.1 | 14.11.1 |
Magick.NET-Q8-arm64NuGet | < 14.11.1 | 14.11.1 |
Magick.NET-Q8-x64NuGet | < 14.11.1 | 14.11.1 |
Magick.NET-Q8-x86NuGet | < 14.11.1 | 14.11.1 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mw3m-pqr2-qv7cnvdVendor AdvisoryWEB
- github.com/advisories/GHSA-mw3m-pqr2-qv7cghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-33535ghsaADVISORY
News mentions
0No linked articles in our index yet.