ImageMagick: Out-of-Bounds Read of a single byte in meta encoder
Description
An off-by-one error in the meta encoder could result in an out-of-bounds read of a single byte.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An off-by-one error in ImageMagick's meta encoder allows an out-of-bounds read of a single byte, potentially leaking sensitive memory.
Vulnerability
An off-by-one error exists in the meta encoder of ImageMagick (versions prior to 14.13.1) [2]. This flaw can cause an out-of-bounds read of a single byte beyond the allocated buffer when processing specially crafted image files [3].
Exploitation
An attacker can exploit this vulnerability by providing a malicious image file to an application that uses the affected ImageMagick library. No authentication or user interaction is required; the attack can be performed over a network [3]. The off-by-one condition is triggered during meta encoding, leading to a read of one byte outside the intended buffer.
Impact
Successful exploitation results in an out-of-bounds read, which may disclose a single byte of adjacent memory. This could leak sensitive information, such as cryptographic keys or other data, depending on the memory layout. The confidentiality impact is limited to a single byte, but repeated exploitation could accumulate information [3].
Mitigation
The vulnerability is fixed in ImageMagick version 14.13.1, released on May 16, 2026 [2]. Users should update to this version or later. For environments where immediate patching is not possible, consider restricting image processing to trusted sources and using security policies to limit the meta encoder functionality.
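A sketch of the security-policy mitigation mentioned above, as an added example that is not taken from the advisory or from the ImageMagick project. It assumes the formats listed are the ones your build registers under the META module (confirm with `magick -list format`) and that the policy file is the `policy.xml` your installation actually loads.

```xml
<!-- Added example: policy.xml fragment for hosts that cannot be upgraded yet. -->
<policymap>
  <!-- Weak (default on many installs): no coder rule is present, so every
       format served by the META module can be both read and written. -->

  <!-- Hardened: deny all rights on the META module's formats.
       The format names below are an assumption; check the Module column of
       `magick -list format` on the target build and adjust the pattern. -->
  <policy domain="coder" rights="none"
          pattern="{8BIM,8BIMTEXT,8BIMWTEXT,APP1,APP1JPEG,EXIF,ICC,ICM,IPTC,IPTCTEXT,IPTCWTEXT,XMP}" />

  <!-- Narrower alternative if reading these formats must keep working:
       use rights="read" in the rule above instead of rights="none",
       which blocks only the write (encoder) path. -->
</policymap>
```

After editing the file, `magick -list policy` shows the rules the running binary has loaded, which confirms the fragment was picked up from the expected path.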
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: < 14.13.1
Patches
No patches discovered yet.
References: 2