CVE-2026-27799 (GCVE-0-2026-27799)

Vulnerability from cvelistv5 – Published: 2026-02-25 23:20 – Updated: 2026-02-26 17:04
Title
ImageMagick has a heap Buffer Over-read in its DJVU image format handler
Summary
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride (row size) for pixel buffer allocation. The stride calculation overflows a 32-bit signed integer, resulting in out-of-bounds memory reads. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
CWE
CWE-122: Heap-based Buffer Overflow; CWE-126: Buffer Over-read
Assigner
GitHub_M
Impacted products
Vendor Product Version
ImageMagick ImageMagick Affected: < 6.9.13-40
Affected: >= 7.0.0, < 7.1.2-15

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-27799",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-26T17:03:55.887716Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:04:08.122Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ImageMagick",
          "vendor": "ImageMagick",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 6.9.13-40"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.0.0, \u003c 7.1.2-15"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride (row size) for pixel buffer allocation. The stride calculation overflows a 32-bit signed integer, resulting in an out-of-bounds memory reads. Versions 7.1.2-15 and 6.9.13-40 contain a patch."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-126",
              "description": "CWE-126: Buffer Over-read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-25T23:20:25.204Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r99p-5442-q2x2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r99p-5442-q2x2"
        },
        {
          "name": "https://github.com/ImageMagick/ImageMagick/commit/e87695b3227978ad70b967b8d054baaf8ac2cced",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/commit/e87695b3227978ad70b967b8d054baaf8ac2cced"
        },
        {
          "name": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3"
        }
      ],
      "source": {
        "advisory": "GHSA-r99p-5442-q2x2",
        "discovery": "UNKNOWN"
      },
      "title": "ImageMagick has a heap Buffer Over-read in its DJVU image format handler"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-27799",
    "datePublished": "2026-02-25T23:20:25.204Z",
    "dateReserved": "2026-02-24T02:31:33.266Z",
    "dateUpdated": "2026-02-26T17:04:08.122Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-27799",
      "date": "2026-05-18",
      "epss": "0.00018",
      "percentile": "0.04791"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-27799\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-02-26T00:16:25.393\",\"lastModified\":\"2026-02-27T16:01:02.333\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride (row size) for pixel buffer allocation. The stride calculation overflows a 32-bit signed integer, resulting in an out-of-bounds memory reads. Versions 7.1.2-15 and 6.9.13-40 contain a patch.\"},{\"lang\":\"es\",\"value\":\"ImageMagick es un software libre y de c\u00f3digo abierto utilizado para editar y manipular im\u00e1genes digitales. Antes de las versiones 7.1.2-15 y 6.9.13-40, existe una vulnerabilidad de lectura excesiva de b\u00fafer de pila en el gestor del formato de imagen DJVU. La vulnerabilidad ocurre debido a un truncamiento de enteros al calcular el \u0027stride\u0027 (tama\u00f1o de fila) para la asignaci\u00f3n del b\u00fafer de p\u00edxeles. El c\u00e1lculo del \u0027stride\u0027 desborda un entero con signo de 32 bits, lo que resulta en lecturas de memoria fuera de l\u00edmites. 
Las versiones 7.1.2-15 y 6.9.13-40 contienen un parche.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L\",\"baseScore\":4.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.4,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"},{\"lang\":\"en\",\"value\":\"CWE-126\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.9.13-40\",\"matchCriteriaId\":\"C6F44A65-1733-4752-AAD0-BCCC7BDBC877\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0-0\",\"versionEndExcluding\":\"7.1.2-15\",\"matchCriteriaId\":\"6AFFD439-1068-4B6F-AE01-724AC62CDCEA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlemstra:magick.net:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"14.10.3\",\"matchCriteriaId\":\"F5891403-B079-4CD7-BA2A-361146A2F
475\"}]}]}],\"references\":[{\"url\":\"https://github.com/ImageMagick/ImageMagick/commit/e87695b3227978ad70b967b8d054baaf8ac2cced\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r99p-5442-q2x2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\",\"Release Notes\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-27799\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-26T17:03:55.887716Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-26T17:04:02.801Z\"}}], \"cna\": {\"title\": \"ImageMagick has a heap Buffer Over-read in its DJVU image format handler\", \"source\": {\"advisory\": \"GHSA-r99p-5442-q2x2\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"ImageMagick\", \"product\": \"ImageMagick\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 6.9.13-40\"}, {\"status\": \"affected\", \"version\": \"\u003e= 7.0.0, \u003c 7.1.2-15\"}]}], \"references\": [{\"url\": \"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r99p-5442-q2x2\", \"name\": \"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r99p-5442-q2x2\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/ImageMagick/ImageMagick/commit/e87695b3227978ad70b967b8d054baaf8ac2cced\", \"name\": \"https://github.com/ImageMagick/ImageMagick/commit/e87695b3227978ad70b967b8d054baaf8ac2cced\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3\", \"name\": 
\"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride (row size) for pixel buffer allocation. The stride calculation overflows a 32-bit signed integer, resulting in an out-of-bounds memory reads. Versions 7.1.2-15 and 6.9.13-40 contain a patch.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-122\", \"description\": \"CWE-122: Heap-based Buffer Overflow\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-126\", \"description\": \"CWE-126: Buffer Over-read\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-02-25T23:20:25.204Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-27799\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-26T17:04:08.122Z\", \"dateReserved\": \"2026-02-24T02:31:33.266Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-02-25T23:20:25.204Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}