ImageMagick: Heap Buffer Over-Read in distributed pixel cache server · CVE-2026-47166 · GitHub Advisory Database · GitHub

ImageMagick: Heap Buffer Over-Read in distributed pixel cache server

Moderate severity GitHub Reviewed Published May 19, 2026 in ImageMagick/ImageMagick • Updated May 22, 2026

Package

Magick.NET-Q16-AnyCPU (NuGet)

Affected versions

< 14.12.0

Patched versions

14.12.0

Magick.NET-Q16-HDRI-AnyCPU (NuGet)

< 14.12.0

14.12.0

Magick.NET-Q16-HDRI-OpenMP-arm64 (NuGet)

< 14.12.0

14.12.0

Magick.NET-Q16-HDRI-arm64 (NuGet)

< 14.12.0

14.12.0

Magick.NET-Q16-HDRI-x64 (NuGet)

< 14.12.0

14.12.0

Magick.NET-Q16-HDRI-x86 (NuGet)

< 14.12.0

14.12.0

Magick.NET-Q16-OpenMP-arm64 (NuGet)

< 14.12.0

14.12.0

Magick.NET-Q16-OpenMP-x64 (NuGet)

< 14.12.0

14.12.0

Magick.NET-Q16-arm64 (NuGet)

< 14.12.0

14.12.0

Magick.NET-Q16-x64 (NuGet)

< 14.12.0

14.12.0

Magick.NET-Q16-x86 (NuGet)

< 14.12.0

14.12.0

Magick.NET-Q8-AnyCPU (NuGet)

< 14.12.0

14.12.0

Magick.NET-Q8-OpenMP-arm64 (NuGet)

< 14.12.0

14.12.0

Magick.NET-Q8-OpenMP-x64 (NuGet)

< 14.12.0

14.12.0

Magick.NET-Q8-arm64 (NuGet)

< 14.12.0

14.12.0

Magick.NET-Q8-x64 (NuGet)

< 14.12.0

14.12.0

Magick.NET-Q8-x86 (NuGet)

< 14.12.0

14.12.0

Description

An attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the server process.

References

GHSA-6gxq-f64p-5w6f

dlemstra published to ImageMagick/ImageMagick

May 19, 2026

Published to the GitHub Advisory Database May 22, 2026

Reviewed May 22, 2026

Last updated May 22, 2026

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Local

Attack complexity

High

Privileges required

High

User interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H