Medium severity5.3GHSA Advisory· Published Jun 10, 2026· Updated Jun 11, 2026
CVE-2026-45664
CVE-2026-45664
Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, because of a missing check in the MNG coder it would be possible to read more images than the list limit policy would allow resulting in excessive resource use. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
Magick.NET-Q16-AnyCPUNuGet | < 14.13.1 | 14.13.1 |
Magick.NET-Q16-HDRI-AnyCPUNuGet | < 14.13.1 | 14.13.1 |
Magick.NET-Q16-HDRI-OpenMP-arm64NuGet | < 14.13.1 | 14.13.1 |
Magick.NET-Q16-HDRI-OpenMP-x64NuGet | < 14.13.1 | 14.13.1 |
Magick.NET-Q16-HDRI-arm64NuGet | < 14.13.1 | 14.13.1 |
Magick.NET-Q16-HDRI-x64NuGet | < 14.13.1 | 14.13.1 |
Magick.NET-Q16-HDRI-x86NuGet | < 14.13.1 | 14.13.1 |
Magick.NET-Q16-OpenMP-arm64NuGet | < 14.13.1 | 14.13.1 |
Magick.NET-Q16-OpenMP-x64NuGet | < 14.13.1 | 14.13.1 |
Magick.NET-Q16-arm64NuGet | < 14.13.1 | 14.13.1 |
Magick.NET-Q16-x64NuGet | < 14.13.1 | 14.13.1 |
Magick.NET-Q16-x86NuGet | < 14.13.1 | 14.13.1 |
Magick.NET-Q8-AnyCPUNuGet | < 14.13.1 | 14.13.1 |
Magick.NET-Q8-OpenMP-arm64NuGet | < 14.13.1 | 14.13.1 |
Magick.NET-Q8-OpenMP-x64NuGet | < 14.13.1 | 14.13.1 |
Magick.NET-Q8-arm64NuGet | < 14.13.1 | 14.13.1 |
Magick.NET-Q8-x64NuGet | < 14.13.1 | 14.13.1 |
Magick.NET-Q8-x86NuGet | < 14.13.1 | 14.13.1 |
Affected products
32< 14.13.1+ 1 more
- (no CPE)range: < 14.13.1
- cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*range: <6.9.13-47
- ghsa-coords30 versionspkg:nuget/magick.net-q16-anycpupkg:nuget/magick.net-q16-arm64pkg:nuget/magick.net-q16-hdri-anycpupkg:nuget/magick.net-q16-hdri-arm64pkg:nuget/magick.net-q16-hdri-openmp-arm64pkg:nuget/magick.net-q16-hdri-openmp-x64pkg:nuget/magick.net-q16-hdri-x64pkg:nuget/magick.net-q16-hdri-x86pkg:nuget/magick.net-q16-openmp-arm64pkg:nuget/magick.net-q16-openmp-x64pkg:nuget/magick.net-q16-x64pkg:nuget/magick.net-q16-x86pkg:nuget/magick.net-q8-anycpupkg:nuget/magick.net-q8-arm64pkg:nuget/magick.net-q8-openmp-arm64pkg:nuget/magick.net-q8-openmp-x64pkg:nuget/magick.net-q8-x64pkg:nuget/magick.net-q8-x86pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP7pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6
< 14.13.1+ 29 more
- (no CPE)range: < 14.13.1
- (no CPE)range: < 14.13.1
- (no CPE)range: < 14.13.1
- (no CPE)range: < 14.13.1
- (no CPE)range: < 14.13.1
- (no CPE)range: < 14.13.1
- (no CPE)range: < 14.13.1
- (no CPE)range: < 14.13.1
- (no CPE)range: < 14.13.1
- (no CPE)range: < 14.13.1
- (no CPE)range: < 14.13.1
- (no CPE)range: < 14.13.1
- (no CPE)range: < 14.13.1
- (no CPE)range: < 14.13.1
- (no CPE)range: < 14.13.1
- (no CPE)range: < 14.13.1
- (no CPE)range: < 14.13.1
- (no CPE)range: < 14.13.1
- (no CPE)range: < 7.1.2.25-2.1
- (no CPE)range: < 7.1.0.9-150400.6.87.1
- (no CPE)range: < 7.1.0.9-150400.6.87.1
- (no CPE)range: < 7.1.0.9-150400.6.87.1
- (no CPE)range: < 7.1.0.9-150400.6.87.1
- (no CPE)range: < 7.1.0.9-150400.6.87.1
- (no CPE)range: < 7.1.0.9-150400.6.87.1
- (no CPE)range: < 7.1.0.9-150400.6.87.1
- (no CPE)range: < 7.1.0.9-150400.6.87.1
- (no CPE)range: < 7.1.0.9-150400.6.87.1
- (no CPE)range: < 7.1.0.9-150400.6.87.1
- (no CPE)range: < 7.1.0.9-150400.6.87.1
Patches
Vulnerability mechanics
References
3- github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g5mf-wqq5-vwg6nvdVendor AdvisoryWEB
- github.com/advisories/GHSA-g5mf-wqq5-vwg6ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-45664ghsaADVISORY
News mentions
2- ImageMagick: 25 Vulnerabilities Disclosed in Single Batch on June 10, 2026Vypr Intelligence · Jun 10, 2026
- ImageMagick: 12 CVEs Disclosed in a Single Day — Heap Bugs, Policy Bypasses, and Stack OverflowsVypr Intelligence · May 18, 2026