Listen to this Post
The vulnerability exists within the FTXT encoder of ImageMagick. The encoder fails to perform a boundary check when parsing the `ftxt:format` property from a crafted image file. When the encoder processes this property, it reads data from a heap-allocated buffer without verifying if the read operation stays within the allocated memory region. A remote attacker can supply a maliciously crafted image file with a specially manipulated `ftxt:format` value. When ImageMagick processes this file, the FTXT encoder attempts to read outside the bounds of the heap buffer, leading to an out-of-bounds read. The flaw is triggered specifically when the `ftxt:format` value is processed, as the encoder lacks proper validation of the input length relative to the buffer size. The out-of-bounds read can cause the application to crash, resulting in a denial of service. The crash is observed as a heap-buffer-overflow error when running the application with AddressSanitizer. The issue affects versions prior to the patched release, where the missing boundary check was introduced. The vulnerability is considered low severity because it primarily leads to a denial of service and does not allow for remote code execution or privilege escalation. The patch introduces a boundary check to ensure all reads remain within the heap buffer, preventing the out-of-bounds access. Users are advised to update to the patched version to mitigate the risk.
dailycve form:
Platform: ImageMagick
Version: <7.1.2-16
Vulnerability : OOB read
Severity: low
date: 2026-04-14
Prediction: 2026-04-21
Analytics under What Undercode Say:
Check ImageMagick version convert --version Test for vulnerability using a crafted FTXT file identify -verbose poc.ftxt Monitor for crashes or out-of-bounds reads using AddressSanitizer asan_image="LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libasan.so.6 convert poc.ftxt out.png" echo $asan_image
Exploit:
Create a malicious FTXT file with oversized ftxt:format
echo "ftxt:format=$(python3 -c 'print("A"1000)')" > exploit.ftxt
convert exploit.ftxt out.png
Protection from this CVE
Update to ImageMagick version 7.1.2-16 or later. Alternatively, apply the patch that adds boundary checks in the FTXT encoder. Disable FTXT encoding if not required.
Impact
Denial of service (application crash). No remote code execution or privilege escalation. Low severity.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

