ImageMagick has a heap buffer over-read in its MAP image decoder

A heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory disclosure during image decoding.

=================================================================
==4070926==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x502000002b31 at pc 0x56517afbd910 bp 0x7ffc59e90000 sp 0x7ffc59e8fff0
READ of size 1 at 0x502000002b31 thread T0

References

dlemstra published to ImageMagick/ImageMagick Feb 23, 2026

Published by the National Vulnerability Database Feb 24, 2026

Published to the GitHub Advisory Database Feb 24, 2026

Reviewed Feb 24, 2026

Last updated Feb 24, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Package

Affected versions

Patched versions

Description

References

Severity

CVSS overall score

CVSS v3 base metrics

CVSS v3 base metrics

EPSS score

Exploit Prediction Scoring System (EPSS)

Weaknesses

Out-of-bounds Read

CVE ID

GHSA ID

Source code

Credits

Uh oh!