ImageMagick, Out-of-Bounds Read of a single byte in meta encoder, (CVE not disclosed) Moderate

Listen to this Post

How the mentioned CVE works:

The vulnerability exists in the `meta` encoder of ImageMagick due to an off-by-one error. When processing specially crafted input, the encoder calculates a length for a heap buffer incorrectly, leading to an out-of-bounds read of a single byte. This read occurs from a memory location just beyond the legitimate buffer boundary. The flaw is triggered during the parsing of image metadata (IPTC, XMP, etc.) when the encoder attempts to access or copy data. The out-of-bounds read can result in disclosure of sensitive information from adjacent memory, or cause a process crash (denial of service). The vulnerability is considered moderate severity because exploitation typically leads to information leak or application crash, rather than arbitrary code execution. The issue is fixed by ensuring proper bounds checking in the `meta` encoder code. The vulnerability was published to the GitHub Advisory Database on May 18, 2026, and fixed in subsequent releases.

dailycve form:

Platform: ImageMagick
Version: < 6.9.13-40 / 7.x < 7.1.2-15
Vulnerability: Out-of-bounds read
Severity: Moderate
Date: May 18, 2026

Prediction: Patch expected May 18, 2026

Analytics under What Undercode Say:

Check ImageMagick version
identify -version
Test for vulnerability (conceptual)
convert -verbose input.jpg -meta output.jpg
Example of a vulnerable command (actual exploit requires crafted input)
convert crafted_image.png -meta leak.bin
Monitor memory accesses with strace
strace -e trace=memory convert vulnerable.png info:
Update ImageMagick
sudo apt update && sudo apt upgrade imagemagick

Exploit:

A remote attacker can craft a malicious image file (e.g., JPEG, PNG) with malformed metadata (IPTC, XMP) that triggers the off-by-one read. The attacker supplies this file to an application using ImageMagick for conversion or processing. Upon processing, the encoder reads one byte beyond the allocated buffer, potentially leaking memory contents or crashing the process.

Protection from this CVE:

  • Upgrade ImageMagick to version 6.9.13-40 or 7.1.2-15 or later.
  • Apply the patch from the vendor’s GitHub advisory (e.g., commit 3d653be).
  • As a workaround, disable the meta encoder via policy.xml:

``

  • Use input validation to reject images with suspicious metadata.

Impact:

  • Information Disclosure: Out-of-bounds read may leak sensitive data from memory (e.g., stack/heap contents), potentially exposing secrets or aiding further attacks.
  • Denial of Service: Read of unmapped memory can crash the application, causing availability impact.
  • Moderate Severity: The flaw is limited to a single-byte read, reducing the immediate risk of code execution, but it can still lead to data leakage and service disruption.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top