CVE-2026-23876

ImageMagick: Arbitrary code execution via a crafted XBM image file

ecosystem: redhat:6

A flaw was found in ImageMagick. A heap buffer overflow, a type of memory corruption, in the XBM image decoder (ReadXBMImage) allows a remote attacker to write controlled data beyond the allocated memory buffer when processing a maliciously crafted image file. This can lead to arbitrary code execution, information disclosure, or a denial of service. The vulnerability can be triggered by any operation that reads or identifies an image.

References
severity: Important

type: vendor

source: secalert@redhat.com

CVSS 3.1: 8.1 HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AV: Network
AC: High
PR: None
UI: None
S: Not Changed
C: High
I: High
A: High

source: secalert@redhat.com

CWE: CWE-787 (Out-of-bounds Write)

source: secalert@redhat.com

published: 2026-01-20 01:01:38

modified: 2026-02-23 13:01:42

Detection

redhat:6
CVE-2026-23876

redhat-vex

OR

unfixed: Out of support scope
ImageMagick
package type: binary
type: version

unfixed: Out of support scope
ImageMagick-c++
package type: binary
type: version

unfixed: Out of support scope
ImageMagick-c++-devel
package type: binary
type: version

unfixed: Out of support scope
ImageMagick-devel
package type: binary
type: version

unfixed: Out of support scope
ImageMagick-doc
package type: binary
type: version

unfixed: Out of support scope
ImageMagick-perl
package type: binary
type: version

unfixed: Out of support scope
ImageMagick
package type: source
type: version

tag: rhel-6-els:bed973f4-9cfe-9d6b-4efd-5501f715a543

OR

unfixed: Out of support scope
ImageMagick
package type: binary
type: version

unfixed: Out of support scope
ImageMagick-c++
package type: binary
type: version

unfixed: Out of support scope
ImageMagick-c++-devel
package type: binary
type: version

unfixed: Out of support scope
ImageMagick-devel
package type: binary
type: version

unfixed: Out of support scope
ImageMagick-doc
package type: binary
type: version

unfixed: Out of support scope
ImageMagick-perl
package type: binary
type: version

unfixed: Out of support scope
ImageMagick
package type: source
type: version

tag: rhel-6-extras-including-unpatched:bed973f4-9cfe-9d6b-4efd-5501f715a543

OR

unfixed: Out of support scope
ImageMagick
package type: binary
type: version

unfixed: Out of support scope
ImageMagick-c++
package type: binary
type: version

unfixed: Out of support scope
ImageMagick-c++-devel
package type: binary
type: version

unfixed: Out of support scope
ImageMagick-devel
package type: binary
type: version

unfixed: Out of support scope
ImageMagick-doc
package type: binary
type: version

unfixed: Out of support scope
ImageMagick-perl
package type: binary
type: version

unfixed: Out of support scope
ImageMagick
package type: source
type: version

tag: rhel-6-including-unpatched:bed973f4-9cfe-9d6b-4efd-5501f715a543

OR

unfixed: Out of support scope
ImageMagick
package type: binary
type: version

unfixed: Out of support scope
ImageMagick-c++
package type: binary
type: version

unfixed: Out of support scope
ImageMagick-c++-devel
package type: binary
type: version

unfixed: Out of support scope
ImageMagick-devel
package type: binary
type: version

unfixed: Out of support scope
ImageMagick-doc
package type: binary
type: version

unfixed: Out of support scope
ImageMagick-perl
package type: binary
type: version

unfixed: Out of support scope
ImageMagick
package type: source
type: version

tag: rhel-6-supplementary:bed973f4-9cfe-9d6b-4efd-5501f715a543

Data Sources

  • RedHat Enterprise Linux CSAF VEX

    redhat-vex
