CVE-2026-48734
Description
ImageMagick versions prior to 6.9.13-49 and 7.1.2-24 are vulnerable to a stack overflow when processing crafted MVG files, potentially leading to denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ImageMagick versions prior to 6.9.13-49 and 7.1.2-24 are vulnerable to a stack overflow when processing crafted MVG files, potentially leading to denial of service.
Vulnerability
ImageMagick, a widely used image manipulation tool, is affected by a stack overflow vulnerability when processing specially crafted MVG (Magick Vector Graphics) files. This issue occurs due to a missing depth or visited-set check within the MVG decoder. The vulnerability exists in versions prior to 6.9.13-49 and 7.1.2-24 [1].
Exploitation
An attacker can exploit this vulnerability by tricking a user into opening a malicious MVG file with an affected version of ImageMagick. The vulnerability does not require any specific privileges or user interaction beyond the opening of the file, and the attack can be launched remotely [1].
Impact
Successful exploitation of this vulnerability can lead to a stack overflow, which typically results in a denial-of-service (DoS) condition. This means the ImageMagick process may crash or become unresponsive, preventing further image processing.
Mitigation
This vulnerability has been fixed in ImageMagick versions 6.9.13-49 and 7.1.2-24. Users are strongly advised to update to these patched versions or later to remediate the issue [1].
AI Insight generated on Jun 10, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <6.9.13-49, <7.1.2-24
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1News mentions
1- ImageMagick: 25 Vulnerabilities Disclosed in Single Batch on June 10, 2026Vypr Intelligence · Jun 10, 2026