CVE-2026-53462— ImageMagick: Use-After-Free when allocation in CheckPrimitiveExtent fails

CVSS 5.9 · Medium EPSS 0.23% · P13 Updated Jun 13, 2026

Possible ATT&CK Techniques 1AI

Affected Version Matrix 2

Vendor	Product	Version Range	Status
ImageMagick	ImageMagick	`< 6.9.13-50`	affected
		`< 7.1.2-25`	affected

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-53462

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

ImageMagick: Use-After-Free when allocation in CheckPrimitiveExtent fails

Source: NVD (National Vulnerability Database)

Vulnerability Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when an allocation fails in CheckPrimitiveExtent this can result in a heap-use-after-free and result in a crash. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

释放后使用

Source: NVD (National Vulnerability Database)

Vulnerability Title

ImageMagick 资源管理错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

ImageMagick是ImageMagick开源的一套开源的图像处理软件。可读取、转换或写入多种格式的图片。 ImageMagick 6.9.13-50之前版本和7.1.2-25之前版本存在资源管理错误漏洞，该漏洞源于CheckPrimitiveExtent中分配失败，可能导致释放后重用并导致崩溃。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
ImageMagick	ImageMagick	< 6.9.13-50	-

II. Public POCs for CVE-2026-53462

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-53462

请登录查看更多情报信息。

Vendor Advisories for CVE-2026-53462 (1)

🔗 Use-After-Free when allocation in CheckPrimitiveExtent fails · Advisory · ImageMagick/ImageMagick · GitHubx_refsource_CONFIRM

https://nvd.nist.gov/vuln/detail/CVE-2026-53462

Same Patch Batch · ImageMagick · 2026-06-10 · 28 CVEs total

CVE-2026-53461	7.5 HIGH	ImageMagick: Out-of-bounds write in ICON decoder due to incorrect loop
CVE-2026-46520	7.5 HIGH	ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of differe
CVE-2026-53460	7.5 HIGH	ImageMagick: Policy Bypass can trigger out-of-Memory condition
CVE-2026-49218	7.5 HIGH	ImageMagick: Policy Bypass in DCM decoder could result in image with invalid dimensions
CVE-2026-46522	7.5 HIGH	ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion
CVE-2026-53465	6.2 MEDIUM	ImageMagick: Heap Buffer Over-Write in SF3 encoder when writing multi-frame image
CVE-2026-46523	6.2 MEDIUM	ImageMagick: Use-After-Free in MSL decoder.
CVE-2026-46557	6.2 MEDIUM	ImageMagick: Stack overflow in fx operation
CVE-2026-48994	5.9 MEDIUM	ImageMagick: Heap Buffer Over-Write in MAT decoder on 32-bit systems
CVE-2026-45359	5.7 MEDIUM	ImageMagick: Out-of-Bounds Read in connected components when the user supplies an invalid
CVE-2026-47166	5.7 MEDIUM	ImageMagick: Heap Buffer Over-Read in distributed pixel cache server
CVE-2026-48734	5.5 MEDIUM	ImageMagick: Stack Overflow in MVG decoder
CVE-2026-48724	5.5 MEDIUM	ImageMagick: Heap Buffer Underwrite in Floyd-Steinberg depth dithering
CVE-2026-49219	5.5 MEDIUM	ImageMagick: Policy Bypass can read disallowed files
CVE-2026-46521	5.5 MEDIUM	ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression
CVE-2026-45031	5.3 MEDIUM	ImageMagick: Policy Bypass in PSD decoder
CVE-2026-45664	5.3 MEDIUM	ImageMagick: Policy Bypass in MNG coder could
CVE-2026-45358	5.3 MEDIUM	ImageMagick: Out-of-Bounds Read of a single byte in meta encoder
CVE-2026-45624	5.1 MEDIUM	ImageMagick: Heap Buffer Over-Read of a 4 bytes in distort operation.
CVE-2026-42326	5.1 MEDIUM	ImageMagick: Heap Buffer Over-Read in IPTC encoder

Showing top 20 of 28 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: ImageMagick

Same vendor: ImageMagick

Same weakness: CWE-416

V. Comments for CVE-2026-53462

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-53462— ImageMagick: Use-After-Free when allocation in CheckPrimitiveExtent fails

Possible ATT&CK Techniques 1AI

Affected Version Matrix 2

I. Basic Information for CVE-2026-53462

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-53462

III. Intelligence Information for CVE-2026-53462

Vendor Advisories for CVE-2026-53462 (1)

Same Patch Batch · ImageMagick · 2026-06-10 · 28 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-53462

Leave a comment