CVE-2026-42050

ImageMagick: Stack buffer overflow in XTileImage

Published: 5/11/2026 Last updated: 5/12/2026 Reserved: 4/23/2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in the display tool and right-clicks a tile to invoke the Load / Update menu item. This vulnerability is fixed in 7.1.2-21 and 6.9.13-46.

CNA assigner: GitHub_M (a0819718-46f1-4df5-94e2-005712e83aaa) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	5.5	Medium	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Opam packages affected (2)

conf-libMagickCore ocsigen-start

Products affected (1)

Product	Vendor	Version
ImageMagick	ImageMagick	2.0 up to 2.2.33 and 2.3.0

References (1)

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7mxf-ff4f-jj7p