{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/magick.net-q16-x86--14.13.1/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Magick.NET-Q16-AnyCPU (\u003c 14.13.1)","Magick.NET-Q16-HDRI-AnyCPU (\u003c 14.13.1)","Magick.NET-Q16-HDRI-OpenMP-arm64 (\u003c 14.13.1)","Magick.NET-Q16-HDRI-OpenMP-x64 (\u003c 14.13.1)","Magick.NET-Q16-HDRI-arm64 (\u003c 14.13.1)","Magick.NET-Q16-HDRI-x64 (\u003c 14.13.1)","Magick.NET-Q16-HDRI-x86 (\u003c 14.13.1)","Magick.NET-Q16-OpenMP-arm64 (\u003c 14.13.1)","Magick.NET-Q16-OpenMP-x64 (\u003c 14.13.1)","Magick.NET-Q16-arm64 (\u003c 14.13.1)","Magick.NET-Q16-x64 (\u003c 14.13.1)","Magick.NET-Q16-x86 (\u003c 14.13.1)","Magick.NET-Q8-AnyCPU (\u003c 14.13.1)","Magick.NET-Q8-OpenMP-arm64 (\u003c 14.13.1)","Magick.NET-Q8-OpenMP-x64 (\u003c 14.13.1)","Magick.NET-Q8-arm64 (\u003c 14.13.1)","Magick.NET-Q8-x64 (\u003c 14.13.1)","Magick.NET-Q8-x86 (\u003c 14.13.1)"],"_cs_severities":["high"],"_cs_tags":["heap-overflow","image-processing","cve"],"_cs_type":"advisory","_cs_vendors":["ImageMagick"],"content_html":"\u003cp\u003eA heap buffer over-write vulnerability, tracked as CVE-2026-46520, has been identified in the IPL (Image Processing Library) decoder of ImageMagick\u0026rsquo;s Magick.NET library. This flaw occurs when the software attempts to read multiple images with differing dimensions. Successful exploitation of this vulnerability could allow an attacker to overwrite heap memory, potentially leading to arbitrary code execution within the context of the application using the vulnerable library. This affects a range of Magick.NET packages including Q16, Q8, HDRI variants for AnyCPU, x86, x64 and Arm64 architectures. Users of Magick.NET are advised to upgrade to version 14.13.1 or later to mitigate the risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious image file or set of image files. These images are specially crafted to have different dimensions and trigger the vulnerability in the IPL decoder.\u003c/li\u003e\n\u003cli\u003eThe attacker delivers the malicious image(s) to a system running a vulnerable version of Magick.NET via an upload mechanism, network share, or other means.\u003c/li\u003e\n\u003cli\u003eAn application using the vulnerable Magick.NET library attempts to process the attacker-controlled image(s) with the IPL decoder.\u003c/li\u003e\n\u003cli\u003eDuring the image processing, the IPL decoder incorrectly calculates buffer sizes when handling images with differing dimensions.\u003c/li\u003e\n\u003cli\u003eThis leads to a heap buffer over-write, where data is written outside the allocated memory region.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the memory corruption to inject malicious code into the heap.\u003c/li\u003e\n\u003cli\u003eThe injected code is executed, granting the attacker control over the application\u0026rsquo;s process.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-46520 can lead to arbitrary code execution within the application utilizing the vulnerable Magick.NET library. The specific impact depends on the privileges of the application process. This could potentially allow an attacker to gain complete control of the affected system, steal sensitive data, or disrupt services. Since ImageMagick is widely used in image processing applications, web servers, and content management systems, a successful exploit could have widespread consequences.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Magick.NET version 14.13.1 or later to patch CVE-2026-46520.\u003c/li\u003e\n\u003cli\u003eMonitor image processing applications for unexpected behavior or crashes that may indicate exploitation attempts.\u003c/li\u003e\n\u003cli\u003eConsider implementing input validation to restrict the dimensions of images being processed by Magick.NET to mitigate the risk.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-18T20:38:15Z","date_published":"2026-05-18T20:38:15Z","id":"https://feed.craftedsignal.io/briefs/2026-05-imagemagick-heap-overflow/","summary":"A heap buffer over-write vulnerability exists in ImageMagick's IPL decoder when processing multiple images of different dimensions, affecting Magick.NET packages prior to version 14.13.1 and potentially leading to arbitrary code execution.","title":"ImageMagick Magick.NET Heap Buffer Overflow Vulnerability (CVE-2026-46520)","url":"https://feed.craftedsignal.io/briefs/2026-05-imagemagick-heap-overflow/"}],"language":"en","title":"CraftedSignal Threat Feed — Magick.NET-Q16-X86 (\u003c 14.13.1)","version":"https://jsonfeed.org/version/1.1"}