CVE-2026-40312: Off-by-One Heap Memory Corruption in ImageMagick MSL Decoder
Vulnerability ID: CVE-2026-40312
CVSS Score: 6.2
Published: 2026-04-14
ImageMagick versions prior to 7.1.2-19 contain an off-by-one vulnerability in the Magick Scripting Language (MSL) decoder. Processing a maliciously crafted MSL file triggers an out-of-bounds heap increment, leading to memory corruption and denial of service.
TL;DR
An off-by-one array index in ImageMagick's MSL decoder causes an out-of-bounds memory increment, resulting in heap corruption and application crash when parsing crafted files.
Technical Details
- CWE ID: CWE-193
- Attack Vector: Local
- CVSS Score: 6.2 (Medium)
- EPSS Score: 0.00012
- Impact: Denial of Service
- Exploit Status: None
- CISA KEV: Not Listed
Affected Systems
- ImageMagick
- Magick.NET
- ImageMagick: < 7.1.2-19 (Fixed in: 7.1.2-19)
- Magick.NET: < 14.12.0 (Fixed in: 14.12.0)
Code Analysis
Commit: 2a06c7b
Fix off-by-one in MSL decoder index computation
Mitigation Strategies
- Upgrade ImageMagick binaries to the patched release.
- Update Magick.NET dependencies in .NET projects.
- Disable the MSL coder via ImageMagick policy.xml.
Remediation Steps:
- Identify all systems and applications using ImageMagick or Magick.NET.
- If patching is possible, update ImageMagick to >= 7.1.2-19 or Magick.NET to >= 14.12.0.
- If patching is not possible, locate the `policy.xml` configuration file on the target system.
- Add the line `<policy domain="coder" rights="none" pattern="MSL" />` to the `<policymap>` section of `policy.xml`.
- Restart any long-running services that utilize the ImageMagick library to ensure the new policy is loaded.
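The remediation steps above can be checked per host with a short triage script. This is an added example, not code from the advisory or from ImageMagick: it classifies a host as patched, mitigated or vulnerable from its version string and the contents of its policy.xml. The function names and sample inputs are constructed for illustration, the glob handling only approximates ImageMagick's pattern matching, and any policy entry that grants rights on MSL is treated as "not mitigated" regardless of its position in the file.

```python
import re
import xml.etree.ElementTree as ET
from fnmatch import fnmatchcase

FIXED_IMAGEMAGICK = (7, 1, 2, 19)  # first fixed release named in the advisory

def parse_version(text):
    """Extract (major, minor, patch, build) from e.g. 'ImageMagick 7.1.2-18 Q16'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)-(\d+)", text)
    if m is None:
        raise ValueError(f"no ImageMagick version in {text!r}")
    return tuple(int(g) for g in m.groups())

def _covers_msl(pattern):
    # Approximation of ImageMagick's glob: wildcards plus a {A,B} alternative list.
    pattern = pattern.strip()
    if pattern.startswith("{") and pattern.endswith("}"):
        return any(_covers_msl(alt) for alt in pattern[1:-1].split(","))
    return fnmatchcase("MSL", pattern)

def msl_coder_denied(policy_xml):
    """True only if some coder policy denies MSL and none matching it grants rights."""
    denied = False
    for policy in ET.fromstring(policy_xml).iter("policy"):
        if policy.get("domain", "").lower() != "coder":
            continue
        if not _covers_msl(policy.get("pattern", "")):
            continue
        if policy.get("rights", "").strip().lower() != "none":
            return False  # conservative: any grant for MSL counts as not mitigated
        denied = True
    return denied

def triage(version_text, policy_xml):
    """Classify a host using the advisory's fixed version and policy workaround."""
    if parse_version(version_text) >= FIXED_IMAGEMAGICK:
        return "patched"
    return "mitigated" if msl_coder_denied(policy_xml) else "vulnerable"

# Constructed sample inputs (not taken from a real host).
UNRESTRICTED = '<policymap><policy domain="resource" name="memory" value="256MiB"/></policymap>'
HARDENED = '<policymap><policy domain="coder" rights="none" pattern="MSL" /></policymap>'

if __name__ == "__main__":
    for ver, pol in [("7.1.2-18", UNRESTRICTED), ("7.1.2-18", HARDENED), ("7.1.2-19", UNRESTRICTED)]:
        print(ver, triage(ver, pol))
```

Feed `parse_version` the first line of the installed binary's version output and `msl_coder_denied` the text of the policy.xml that the service actually loads.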
References
- NVD Detail: CVE-2026-40312
- GitHub Security Advisory: GHSA-5xg3-585r-9jh5
- ImageMagick Fix Commit
- ImageMagick Release 7.1.2-19
- Magick.NET Release 14.12.0