VYPR
Medium severity 5.9 · NVD Advisory · Published Jun 10, 2026

CVE-2026-53462

Description

ImageMagick heap-use-after-free vulnerability due to allocation failure in CheckPrimitiveExtent, potentially leading to crashes.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

ImageMagick versions prior to 6.9.13-50 and 7.1.2-25 are affected by a heap-use-after-free vulnerability. This occurs when an allocation fails within the CheckPrimitiveExtent function, leading to a crash [1].

Exploitation

An attacker can exploit this vulnerability by triggering an allocation failure within the CheckPrimitiveExtent function. The exact conditions or steps required to reliably trigger this failure are not detailed in the available references, but it is noted that the vulnerability is more severe with less complex attacks and when no user interaction is required [1].

Impact

Successful exploitation of this vulnerability can result in a heap-use-after-free condition, which may lead to a crash of the ImageMagick application. This would impact the availability of the component [1].

Mitigation

This vulnerability has been patched in ImageMagick versions 6.9.13-50 and 7.1.2-25. Users are advised to update to these fixed versions or later [1].
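
To check installed versions against the fixed releases named above, the following added example (not code from the advisory or from the ImageMagick project) classifies the banner printed by `magick -version` or `convert -version`. The function names, host names and banner strings are constructed for illustration; release lines other than 6.x and 7.x are reported as unknown for manual review, which is an assumption of this example.

```python
import re

# Fixed release per release line, taken from the advisory text above.
FIXED = {6: (6, 9, 13, 50), 7: (7, 1, 2, 25)}

# Version token in a banner such as
# "Version: ImageMagick 7.1.1-47 Q16-HDRI x86_64 ..."
_BANNER = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(banner):
    """Return (major, minor, micro, patch) as integers, or None."""
    m = _BANNER.search(banner)
    return tuple(int(g) for g in m.groups()) if m else None


def classify(banner):
    """Return 'fixed', 'affected' or 'unknown' for CVE-2026-53462."""
    version = parse_version(banner)
    if version is None:
        return "unknown"      # no ImageMagick version token in the banner
    fixed = FIXED.get(version[0])
    if fixed is None:
        return "unknown"      # release line the advisory does not name
    # Compare as integer tuples: as strings, "6.9.13-9" would sort
    # after "6.9.13-50" and be misreported as fixed.
    return "fixed" if version >= fixed else "affected"


def triage(inventory):
    """Return sorted (host, status) pairs for every host not known fixed."""
    results = ((host, classify(banner)) for host, banner in inventory.items())
    return sorted(r for r in results if r[1] != "fixed")


# Constructed sample inventory: host name -> captured version banner.
SAMPLE_INVENTORY = {
    "img-worker-1": "Version: ImageMagick 6.9.13-9 Q16 x86_64",
    "img-worker-2": "Version: ImageMagick 6.9.13-50 Q16 x86_64",
    "thumb-svc": "Version: ImageMagick 7.1.2-24 Q16-HDRI x86_64",
    "cms-prod": "Version: ImageMagick 7.1.2-25 Q16-HDRI x86_64",
    "legacy-box": "GraphicsMagick 1.3.40",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```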

AI Insight generated on Jun 10, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • ImageMagick/Imagemagick (inferred), 2 versions
    • (no CPE) range: >=6.9.13-50,<7.1.2-25
    • (no CPE) range: <6.9.13-50, <7.1.2-25

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1
