ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder. · CVE-2026-46559 · GitHub Advisory Database · GitHub

ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder.

Moderate severity GitHub Reviewed Published May 17, 2026 in ImageMagick/ImageMagick • Updated Jun 11, 2026

Package

Magick.NET-Q16-AnyCPU (NuGet)

Affected versions

< 14.13.1

Patched versions

14.13.1

Magick.NET-Q16-HDRI-AnyCPU (NuGet)

< 14.13.1

14.13.1

Magick.NET-Q16-HDRI-OpenMP-arm64 (NuGet)

< 14.13.1

14.13.1

Magick.NET-Q16-HDRI-OpenMP-x64 (NuGet)

< 14.13.1

14.13.1

Magick.NET-Q16-HDRI-arm64 (NuGet)

< 14.13.1

14.13.1

Magick.NET-Q16-HDRI-x64 (NuGet)

< 14.13.1

14.13.1

Magick.NET-Q16-HDRI-x86 (NuGet)

< 14.13.1

14.13.1

Magick.NET-Q16-OpenMP-arm64 (NuGet)

< 14.13.1

14.13.1

Magick.NET-Q16-OpenMP-x64 (NuGet)

< 14.13.1

14.13.1

Magick.NET-Q16-arm64 (NuGet)

< 14.13.1

14.13.1

Magick.NET-Q16-x64 (NuGet)

< 14.13.1

14.13.1

Magick.NET-Q16-x86 (NuGet)

< 14.13.1

14.13.1

Magick.NET-Q8-AnyCPU (NuGet)

< 14.13.1

14.13.1

Magick.NET-Q8-OpenMP-arm64 (NuGet)

< 14.13.1

14.13.1

Magick.NET-Q8-OpenMP-x64 (NuGet)

< 14.13.1

14.13.1

Magick.NET-Q8-arm64 (NuGet)

< 14.13.1

14.13.1

Magick.NET-Q8-x64 (NuGet)

< 14.13.1

14.13.1

Magick.NET-Q8-x86 (NuGet)

< 14.13.1

14.13.1

Description

An incorrect check in the JP2 will result in an heap buffer over-write of a single byte when specifying certain options.

References

dlemstra published to ImageMagick/ImageMagick

May 17, 2026

Published to the GitHub Advisory Database May 18, 2026

Reviewed May 18, 2026

Published by the National Vulnerability Database

Jun 10, 2026

Last updated Jun 11, 2026

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Local

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

⚡