ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression · CVE-2026-46521 · GitHub Advisory Database · GitHub

ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression

Moderate severity GitHub Reviewed Published May 17, 2026 in ImageMagick/ImageMagick • Updated Jun 11, 2026

Package

Magick.NET-Q16-AnyCPU (NuGet)

Affected versions

< 14.13.1

Patched versions

14.13.1

Magick.NET-Q16-HDRI-AnyCPU (NuGet)

< 14.13.1

14.13.1

Magick.NET-Q16-HDRI-OpenMP-arm64 (NuGet)

< 14.13.1

14.13.1

Magick.NET-Q16-HDRI-OpenMP-x64 (NuGet)

< 14.13.1

14.13.1

Magick.NET-Q16-HDRI-arm64 (NuGet)

< 14.13.1

14.13.1

Magick.NET-Q16-HDRI-x64 (NuGet)

< 14.13.1

14.13.1

Magick.NET-Q16-HDRI-x86 (NuGet)

< 14.13.1

14.13.1

Magick.NET-Q16-OpenMP-arm64 (NuGet)

< 14.13.1

14.13.1

Magick.NET-Q16-OpenMP-x64 (NuGet)

< 14.13.1

14.13.1

Magick.NET-Q16-arm64 (NuGet)

< 14.13.1

14.13.1

Magick.NET-Q16-x64 (NuGet)

< 14.13.1

14.13.1

Magick.NET-Q16-x86 (NuGet)

< 14.13.1

14.13.1

Magick.NET-Q8-AnyCPU (NuGet)

< 14.13.1

14.13.1

Magick.NET-Q8-OpenMP-arm64 (NuGet)

< 14.13.1

14.13.1

Magick.NET-Q8-OpenMP-x64 (NuGet)

< 14.13.1

14.13.1

Magick.NET-Q8-arm64 (NuGet)

< 14.13.1

14.13.1

Magick.NET-Q8-x64 (NuGet)

< 14.13.1

14.13.1

Magick.NET-Q8-x86 (NuGet)

< 14.13.1

14.13.1

Description

When using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check.

References

dlemstra published to ImageMagick/ImageMagick

May 17, 2026

Published to the GitHub Advisory Database May 18, 2026

Reviewed May 18, 2026

Published by the National Vulnerability Database

Jun 10, 2026

Last updated Jun 11, 2026

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Local

Attack complexity

Low

Privileges required

None

User interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Weaknesses

CWE-131

Incorrect Calculation of Buffer Size

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow. Learn more on MITRE.

CWE-252

Unchecked Return Value

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions. Learn more on MITRE.

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer. Learn more on MITRE.

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. Learn more on MITRE.

⚡