CVE-2026-45664
MEDIUM 5.3
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, a missing check in the MNG coder made it possible to read more images than the list limit policy allows, resulting in excessive resource use. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.
No known exploitation, public exploit, or elevated probability at this time. Track for changes.
Exploitation likelihood
0.4% chance of exploitation in 30 days · 35th percentile
Impact if exploited
5.3 · CVSS 3.1 · MEDIUM
- Confidentiality: None
- Integrity: None
- Availability: Low
What an attacker needs
- ✓ Access: Reachable over the network — no local access needed
- ✓ Privileges: No account or privileges required
- ✓ User interaction: No user interaction needed
- ✓ Complexity: No special conditions — reliably repeatable
✓ lowers the bar for an attacker · ⚠ raises it
Affected
Vendors: ImageMagick, Red Hat
Products: ImageMagick; Red Hat Enterprise Linux Server (V. 7 Els); Red Hat Enterprise Linux Server Optional (V. 7 Els); Red Hat Enterprise Linux 6
Weakness (CWE)
- CWE-400: Uncontrolled resource consumption
- CWE-407
- CWE-674
- CWE-770: Allocation without limits
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L