MEDIUM🇬🇧 English

CVE-2026-46693

CVSS 4.1v3.1pub. 2026-06-10upd. 2026-06-11

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race condition is met. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
  • Imagemagick

    APP
    Imagemagick
    < 6.9.13-487.0.0-0 – 7.1.2-23 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Race Condition
CWE
Referencje

Powiązane podatności

CVE-2026-56379CRITICAL9.2ten sam produkt

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that a...

CVE-2023-34152CRITICAL9.8ten sam produkt

A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in Op...

CVE-2019-19948CRITICAL9.8ten sam produkt

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi...

CVE-2019-19952CRITICAL9.8ten sam produkt

In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, re...

CVE-2019-19949CRITICAL9.1ten sam produkt

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/pn...