Bug 2500933 (CVE-2026-61862) - CVE-2026-61862 ImageMagick: ImageMagick: Information disclosure via out-of-bounds read when displaying profiles with debug enabled
Summary: CVE-2026-61862 ImageMagick: ImageMagick: Information disclosure via out-of-bo...
Keywords:
Status: NEW
Alias: CVE-2026-61862
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-07-15 12:05 UTC by OSIDB Bzimport
Modified: 2026-07-16 09:34 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-07-15 12:05:16 UTC
ImageMagick before 7.1.2-26 and 6.9.13-51 contains an information disclosure vulnerability: when a profile is displayed with the identify command and the profile value is not printable, a single byte at the end of the profile can be printed (read past the profile boundary). This behavior occurs when debug output is enabled.


Note You need to log in before you can comment on or make changes to this bug.