CRITICAL🇬🇧 English

CVE-2026-56379

CVSS 9.2v4.0pub. 2026-06-23upd. 2026-07-02

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbitrary MVG drawing commands. Attackers can craft malicious SVG files with injected Magick Vector Graphics commands that execute during rendering.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Imagemagick

    APP
    Imagemagick
    < 6.9.13-407.1.0-0 – 7.1.2-15 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Command Injection
CWE
Referencje

Powiązane podatności

CVE-2023-34152CRITICAL9.8ten sam produkt

A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in Op...

CVE-2019-19948CRITICAL9.8ten sam produkt

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi...

CVE-2019-19949CRITICAL9.1ten sam produkt

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/pn...

CVE-2019-19952CRITICAL9.8ten sam produkt

In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, re...

CVE-2018-16329CRITICAL9.8ten sam produkt

In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCo...

CVE-2026-56379 — CRITICAL 9.2 | CVEbaza.pl