CVE-2026-45664 | ImageMagick is free and open-source software used for editin… | CVSS 5.3 MEDIUM

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, because of a missing check in the MNG coder it would be possible to read more images than the list limit policy would allow resulting in excessive resource use. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.

Metadata

CVE ID: CVE-2026-45664
State: PUBLISHED
Assigner: GitHub_M
Reserved: 2026-05-12 21:59 UTC
Published: 2026-06-10 21:30 UTC
Last updated: 2026-06-11 14:09 UTC
Primary CWE: CWE-400
CWE-400: Uncontrolled Resource Consumption
Vendor / Product: ImageMagick / ImageMagick
Sources: cve.org · NVD

Severity & Metrics

5.3 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
ImageMagick	ImageMagick	—	< 6.9.13-47, < 7.1.2-22

Weakness (CWE)

CWE	Source	Description
CWE-400	cna	CWE-400: Uncontrolled Resource Consumption
CWE-407	cna	CWE-407: Inefficient Algorithmic Complexity
CWE-674	cna	CWE-674: Uncontrolled Recursion

CVSS scores (1)

Score	Severity	Version	Source	Vector
5.3	MEDIUM	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References (1)

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g5mf-wqq5-vwg6 https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g5mf-wqq5-vwg6