<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Sat, 04 Jul 2026 21:32:58 +0000</lastBuildDate>
    <item>
      <title>5f48a788-f9b6-43a6-9fb4-03a1b9f078e6</title>
      <link>https://vulnerability.circl.lu/sighting/5f48a788-f9b6-43a6-9fb4-03a1b9f078e6/export</link>
      <description>{"uuid": "5f48a788-f9b6-43a6-9fb4-03a1b9f078e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53467", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpqng7w6zv2b", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-53467 \u0432 ImageMagick: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/0DD87C0E-6B5C-4586-8232-EDFB05BBF451", "creation_timestamp": "2026-07-03T13:24:33.401811Z"}</description>
      <content:encoded>{"uuid": "5f48a788-f9b6-43a6-9fb4-03a1b9f078e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53467", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpqng7w6zv2b", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-53467 \u0432 ImageMagick: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/0DD87C0E-6B5C-4586-8232-EDFB05BBF451", "creation_timestamp": "2026-07-03T13:24:33.401811Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/5f48a788-f9b6-43a6-9fb4-03a1b9f078e6/export</guid>
      <pubDate>Fri, 03 Jul 2026 13:24:33 +0000</pubDate>
    </item>
    <item>
      <title>3a6e6df5-9d07-418f-9ef7-6110cf020d34</title>
      <link>https://vulnerability.circl.lu/sighting/3a6e6df5-9d07-418f-9ef7-6110cf020d34/export</link>
      <description>{"uuid": "3a6e6df5-9d07-418f-9ef7-6110cf020d34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53466", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpqnfmbi4y2u", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-53466 \u0432 ImageMagick: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/9FE7CF6A-9F5D-4BE2-A338-A8F7098C71B3", "creation_timestamp": "2026-07-03T13:24:13.253214Z"}</description>
      <content:encoded>{"uuid": "3a6e6df5-9d07-418f-9ef7-6110cf020d34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53466", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpqnfmbi4y2u", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-53466 \u0432 ImageMagick: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/9FE7CF6A-9F5D-4BE2-A338-A8F7098C71B3", "creation_timestamp": "2026-07-03T13:24:13.253214Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/3a6e6df5-9d07-418f-9ef7-6110cf020d34/export</guid>
      <pubDate>Fri, 03 Jul 2026 13:24:13 +0000</pubDate>
    </item>
    <item>
      <title>63491a2c-4f8f-4420-86b2-3cc204e7002d</title>
      <link>https://vulnerability.circl.lu/sighting/63491a2c-4f8f-4420-86b2-3cc204e7002d/export</link>
      <description>{"uuid": "63491a2c-4f8f-4420-86b2-3cc204e7002d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53467", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnxypk2a327", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-53467 \u0432 ImageMagick: \u0443\u0433\u0440\u043e\u0437\u044b, \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/D238191F-2A8C-47EB-8F9E-A86A994DA746", "creation_timestamp": "2026-07-02T11:55:52.410438Z"}</description>
      <content:encoded>{"uuid": "63491a2c-4f8f-4420-86b2-3cc204e7002d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53467", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnxypk2a327", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-53467 \u0432 ImageMagick: \u0443\u0433\u0440\u043e\u0437\u044b, \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/D238191F-2A8C-47EB-8F9E-A86A994DA746", "creation_timestamp": "2026-07-02T11:55:52.410438Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/63491a2c-4f8f-4420-86b2-3cc204e7002d/export</guid>
      <pubDate>Thu, 02 Jul 2026 11:55:52 +0000</pubDate>
    </item>
    <item>
      <title>d077aa93-e2f7-4621-8ffa-b5d3cfc3724f</title>
      <link>https://vulnerability.circl.lu/sighting/d077aa93-e2f7-4621-8ffa-b5d3cfc3724f/export</link>
      <description>{"uuid": "d077aa93-e2f7-4621-8ffa-b5d3cfc3724f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53466", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnt7iyszp2k", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-53466 \u0432 ImageMagick: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/D9BCE202-DF0F-4C33-9686-6AEA0630FD23", "creation_timestamp": "2026-07-02T10:30:11.318893Z"}</description>
      <content:encoded>{"uuid": "d077aa93-e2f7-4621-8ffa-b5d3cfc3724f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53466", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnt7iyszp2k", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-53466 \u0432 ImageMagick: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/D9BCE202-DF0F-4C33-9686-6AEA0630FD23", "creation_timestamp": "2026-07-02T10:30:11.318893Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/d077aa93-e2f7-4621-8ffa-b5d3cfc3724f/export</guid>
      <pubDate>Thu, 02 Jul 2026 10:30:11 +0000</pubDate>
    </item>
    <item>
      <title>c2850285-21f7-48d4-9f01-2709c9b2d620</title>
      <link>https://vulnerability.circl.lu/sighting/c2850285-21f7-48d4-9f01-2709c9b2d620/export</link>
      <description>{"uuid": "c2850285-21f7-48d4-9f01-2709c9b2d620", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53467", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnrbw7ifn22", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-53467 \u0432 ImageMagick: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/D0E270F3-515E-4D9B-AC7B-EDF4D03CF8CA", "creation_timestamp": "2026-07-02T09:56:18.936253Z"}</description>
      <content:encoded>{"uuid": "c2850285-21f7-48d4-9f01-2709c9b2d620", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53467", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnrbw7ifn22", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-53467 \u0432 ImageMagick: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/D0E270F3-515E-4D9B-AC7B-EDF4D03CF8CA", "creation_timestamp": "2026-07-02T09:56:18.936253Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/c2850285-21f7-48d4-9f01-2709c9b2d620/export</guid>
      <pubDate>Thu, 02 Jul 2026 09:56:18 +0000</pubDate>
    </item>
    <item>
      <title>27e6f68b-c4f3-4e7c-9a1b-517545988047</title>
      <link>https://vulnerability.circl.lu/sighting/27e6f68b-c4f3-4e7c-9a1b-517545988047/export</link>
      <description>{"uuid": "27e6f68b-c4f3-4e7c-9a1b-517545988047", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53467", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpmdenqcm72b", "content": "CVE-2026-53467 - ImageMagick: Information Disclosure in MNG decoder because allocated memory is left unchanged\nCVE ID : CVE-2026-53467\n \n Published : July 1, 2026, 6:50 p.m. | 55\u00a0minutes ago\n \n Description : ImageMagick is free and open-source software used for editing and man...", "creation_timestamp": "2026-07-01T20:14:06.893997Z"}</description>
      <content:encoded>{"uuid": "27e6f68b-c4f3-4e7c-9a1b-517545988047", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53467", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpmdenqcm72b", "content": "CVE-2026-53467 - ImageMagick: Information Disclosure in MNG decoder because allocated memory is left unchanged\nCVE ID : CVE-2026-53467\n \n Published : July 1, 2026, 6:50 p.m. | 55\u00a0minutes ago\n \n Description : ImageMagick is free and open-source software used for editing and man...", "creation_timestamp": "2026-07-01T20:14:06.893997Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/27e6f68b-c4f3-4e7c-9a1b-517545988047/export</guid>
      <pubDate>Wed, 01 Jul 2026 20:14:06 +0000</pubDate>
    </item>
    <item>
      <title>36aa12b0-5316-47a6-8028-12276a49d258</title>
      <link>https://vulnerability.circl.lu/sighting/36aa12b0-5316-47a6-8028-12276a49d258/export</link>
      <description>{"uuid": "36aa12b0-5316-47a6-8028-12276a49d258", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53466", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpmd3zutgo2n", "content": "CVE-2026-53466 - ImageMagick: Heap Buffer Over-Read in XCF decoder due to integer conversion overflow\nCVE ID : CVE-2026-53466\n \n Published : July 1, 2026, 6:20 p.m. | 1\u00a0hour, 26\u00a0minutes ago\n \n Description : ImageMagick is free and open-source software used for editing and mani...", "creation_timestamp": "2026-07-01T20:09:15.239337Z"}</description>
      <content:encoded>{"uuid": "36aa12b0-5316-47a6-8028-12276a49d258", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53466", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpmd3zutgo2n", "content": "CVE-2026-53466 - ImageMagick: Heap Buffer Over-Read in XCF decoder due to integer conversion overflow\nCVE ID : CVE-2026-53466\n \n Published : July 1, 2026, 6:20 p.m. | 1\u00a0hour, 26\u00a0minutes ago\n \n Description : ImageMagick is free and open-source software used for editing and mani...", "creation_timestamp": "2026-07-01T20:09:15.239337Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/36aa12b0-5316-47a6-8028-12276a49d258/export</guid>
      <pubDate>Wed, 01 Jul 2026 20:09:15 +0000</pubDate>
    </item>
    <item>
      <title>720f1ca2-69c5-4445-a97f-7ce9dd729418</title>
      <link>https://vulnerability.circl.lu/sighting/720f1ca2-69c5-4445-a97f-7ce9dd729418/export</link>
      <description>{"uuid": "720f1ca2-69c5-4445-a97f-7ce9dd729418", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53469", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mpgduqzxbs2h", "content": "\ud83d\udccc CVE-2026-53469 - A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, ... https://www.cyberhub.blog/cves/CVE-2026-53469", "creation_timestamp": "2026-06-29T11:07:07.432969Z"}</description>
      <content:encoded>{"uuid": "720f1ca2-69c5-4445-a97f-7ce9dd729418", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53469", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mpgduqzxbs2h", "content": "\ud83d\udccc CVE-2026-53469 - A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, ... https://www.cyberhub.blog/cves/CVE-2026-53469", "creation_timestamp": "2026-06-29T11:07:07.432969Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/720f1ca2-69c5-4445-a97f-7ce9dd729418/export</guid>
      <pubDate>Mon, 29 Jun 2026 11:07:07 +0000</pubDate>
    </item>
    <item>
      <title>644e032c-2bfa-48d2-aa3f-9df196ec8780</title>
      <link>https://vulnerability.circl.lu/sighting/644e032c-2bfa-48d2-aa3f-9df196ec8780/export</link>
      <description>{"uuid": "644e032c-2bfa-48d2-aa3f-9df196ec8780", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53462", "type": "seen", "source": "https://gist.github.com/alon710/ab6fb045bc60bbc32d947423444fcf91", "content": "# CVE-2026-53462: CVE-2026-53462: Heap Use-After-Free Vulnerability in ImageMagick Vector Drawing Subsystem\n\n&amp;gt; **CVSS Score:** 5.9\n&amp;gt; **Published:** 2026-06-26\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-53462\n\n## Summary\nCVE-2026-53462 is a heap Use-After-Free (UAF) vulnerability in ImageMagick's vector drawing subsystem, specifically within the coordinate allocation mechanism in CheckPrimitiveExtent. By parsing a crafted vector image (such as SVG or MVG) with extremely complex primitives, an attacker can trigger a memory reallocation failure. If the application fails to handle this allocation failure cleanly, it leaves a dangling pointer that can subsequently be accessed or freed again, causing memory corruption or an application crash.\n\n## TL;DR\nA heap Use-After-Free vulnerability in ImageMagick's drawing engine can be triggered via crafted vector images, potentially leading to denial of service or remote code execution.\n\n## Technical Details\n\n- **CWE ID**: CWE-416 (Use After Free)\n- **Attack Vector**: Network (AV:N)\n- **CVSS v3.1 Score**: 5.9 (Medium)\n- **EPSS Score**: 0.00227 (Percentile: 13.34%)\n- **Impact**: Availability (High)\n- **Exploit Status**: None (No public exploits or weaponized payloads)\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- ImageMagick 6.x installations prior to version 6.9.13-50\n- ImageMagick 7.x installations prior to version 7.1.2-25\n- **ImageMagick**: &amp;lt; 6.9.13-50 (Fixed in: `6.9.13-50`)\n- **ImageMagick**: &amp;gt;= 7.0.0-0, &amp;lt; 7.1.2-25 (Fixed in: `7.1.2-25`)\n\n## Mitigation\n\n- Upgrade to ImageMagick 6.9.13-50 (legacy branch) or 
7.1.2-25 (modern branch) or newer.\n- Disable parsing of vulnerable vector formats (SVG, MVG, PDF, EPS, PS) via policy.xml configuration.\n- Enforce strict memory limits inside ImageMagick's policy.xml to mitigate memory allocation manipulation.\n\n**Remediation Steps:**\n1. Identify vulnerable ImageMagick deployments using local container scanning, host package managers, or software composition analysis.\n2. Deploy security updates or compile from patched sources for both 6.x and 7.x code paths.\n3. Configure ImageMagick policy.xml file to restrict vector file processing capabilities if updates cannot be immediately applied.\n\n## References\n\n- [Official GitHub Security Advisory](https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-px7q-ggqj-hcf2)\n- [Magick.NET Release Package Info (Wrapper Fix)](https://github.com/dlemstra/Magick.NET/releases/tag/14.14.0)\n- [Official CVE Record](https://www.cve.org/CVERecord?id=CVE-2026-53462)\n- [Wiz Vulnerability Analysis Portal](https://www.wiz.io/vulnerability-database/cve/cve-2026-53462)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-53462) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-26T16:52:45.690303Z"}</description>
      <content:encoded>{"uuid": "644e032c-2bfa-48d2-aa3f-9df196ec8780", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53462", "type": "seen", "source": "https://gist.github.com/alon710/ab6fb045bc60bbc32d947423444fcf91", "content": "# CVE-2026-53462: CVE-2026-53462: Heap Use-After-Free Vulnerability in ImageMagick Vector Drawing Subsystem\n\n&amp;gt; **CVSS Score:** 5.9\n&amp;gt; **Published:** 2026-06-26\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-53462\n\n## Summary\nCVE-2026-53462 is a heap Use-After-Free (UAF) vulnerability in ImageMagick's vector drawing subsystem, specifically within the coordinate allocation mechanism in CheckPrimitiveExtent. By parsing a crafted vector image (such as SVG or MVG) with extremely complex primitives, an attacker can trigger a memory reallocation failure. If the application fails to handle this allocation failure cleanly, it leaves a dangling pointer that can subsequently be accessed or freed again, causing memory corruption or an application crash.\n\n## TL;DR\nA heap Use-After-Free vulnerability in ImageMagick's drawing engine can be triggered via crafted vector images, potentially leading to denial of service or remote code execution.\n\n## Technical Details\n\n- **CWE ID**: CWE-416 (Use After Free)\n- **Attack Vector**: Network (AV:N)\n- **CVSS v3.1 Score**: 5.9 (Medium)\n- **EPSS Score**: 0.00227 (Percentile: 13.34%)\n- **Impact**: Availability (High)\n- **Exploit Status**: None (No public exploits or weaponized payloads)\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- ImageMagick 6.x installations prior to version 6.9.13-50\n- ImageMagick 7.x installations prior to version 7.1.2-25\n- **ImageMagick**: &amp;lt; 6.9.13-50 (Fixed in: `6.9.13-50`)\n- **ImageMagick**: &amp;gt;= 7.0.0-0, &amp;lt; 7.1.2-25 (Fixed in: `7.1.2-25`)\n\n## Mitigation\n\n- Upgrade to ImageMagick 6.9.13-50 (legacy branch) 
or 7.1.2-25 (modern branch) or newer.\n- Disable parsing of vulnerable vector formats (SVG, MVG, PDF, EPS, PS) via policy.xml configuration.\n- Enforce strict memory limits inside ImageMagick's policy.xml to mitigate memory allocation manipulation.\n\n**Remediation Steps:**\n1. Identify vulnerable ImageMagick deployments using local container scanning, host package managers, or software composition analysis.\n2. Deploy security updates or compile from patched sources for both 6.x and 7.x code paths.\n3. Configure ImageMagick policy.xml file to restrict vector file processing capabilities if updates cannot be immediately applied.\n\n## References\n\n- [Official GitHub Security Advisory](https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-px7q-ggqj-hcf2)\n- [Magick.NET Release Package Info (Wrapper Fix)](https://github.com/dlemstra/Magick.NET/releases/tag/14.14.0)\n- [Official CVE Record](https://www.cve.org/CVERecord?id=CVE-2026-53462)\n- [Wiz Vulnerability Analysis Portal](https://www.wiz.io/vulnerability-database/cve/cve-2026-53462)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-53462) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-26T16:52:45.690303Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/644e032c-2bfa-48d2-aa3f-9df196ec8780/export</guid>
      <pubDate>Fri, 26 Jun 2026 16:52:45 +0000</pubDate>
    </item>
    <item>
      <title>2cd258ea-7cd8-4c9b-bec7-d9577f298bc9</title>
      <link>https://vulnerability.circl.lu/sighting/2cd258ea-7cd8-4c9b-bec7-d9577f298bc9/export</link>
      <description>{"uuid": "2cd258ea-7cd8-4c9b-bec7-d9577f298bc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53462", "type": "seen", "source": "https://gist.github.com/alon710/8649cee74b41dfbab6352036ad771ea3", "content": "# CVE-2026-53462: CVE-2026-53462: Heap Use-After-Free Vulnerability in ImageMagick Vector Drawing Subsystem\n\n&amp;gt; **CVSS Score:** 5.9\n&amp;gt; **Published:** 2026-06-26\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-53462\n\n## Summary\nCVE-2026-53462 is a heap Use-After-Free (UAF) vulnerability in ImageMagick's vector drawing subsystem, specifically within the coordinate allocation mechanism in CheckPrimitiveExtent. By parsing a crafted vector image (such as SVG or MVG) with extremely complex primitives, an attacker can trigger a memory reallocation failure. If the application fails to handle this allocation failure cleanly, it leaves a dangling pointer that can subsequently be accessed or freed again, causing memory corruption or an application crash.\n\n## TL;DR\nA heap Use-After-Free vulnerability in ImageMagick's drawing engine can be triggered via crafted vector images, potentially leading to denial of service or remote code execution.\n\n## Technical Details\n\n- **CWE ID**: CWE-416 (Use After Free)\n- **Attack Vector**: Network (AV:N)\n- **CVSS v3.1 Score**: 5.9 (Medium)\n- **EPSS Score**: 0.00227 (Percentile: 13.34%)\n- **Impact**: Availability (High)\n- **Exploit Status**: None (No public exploits or weaponized payloads)\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- ImageMagick 6.x installations prior to version 6.9.13-50\n- ImageMagick 7.x installations prior to version 7.1.2-25\n- **ImageMagick**: &amp;lt; 6.9.13-50 (Fixed in: `6.9.13-50`)\n- **ImageMagick**: &amp;gt;= 7.0.0-0, &amp;lt; 7.1.2-25 (Fixed in: `7.1.2-25`)\n\n## Mitigation\n\n- Upgrade to ImageMagick 6.9.13-50 (legacy branch) or 
7.1.2-25 (modern branch) or newer.\n- Disable parsing of vulnerable vector formats (SVG, MVG, PDF, EPS, PS) via policy.xml configuration.\n- Enforce strict memory limits inside ImageMagick's policy.xml to mitigate memory allocation manipulation.\n\n**Remediation Steps:**\n1. Identify vulnerable ImageMagick deployments using local container scanning, host package managers, or software composition analysis.\n2. Deploy security updates or compile from patched sources for both 6.x and 7.x code paths.\n3. Configure ImageMagick policy.xml file to restrict vector file processing capabilities if updates cannot be immediately applied.\n\n## References\n\n- [Official GitHub Security Advisory](https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-px7q-ggqj-hcf2)\n- [Magick.NET Release Package Info (Wrapper Fix)](https://github.com/dlemstra/Magick.NET/releases/tag/14.14.0)\n- [Official CVE Record](https://www.cve.org/CVERecord?id=CVE-2026-53462)\n- [Wiz Vulnerability Analysis Portal](https://www.wiz.io/vulnerability-database/cve/cve-2026-53462)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-53462) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-26T16:42:20.253067Z"}</description>
      <content:encoded>{"uuid": "2cd258ea-7cd8-4c9b-bec7-d9577f298bc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53462", "type": "seen", "source": "https://gist.github.com/alon710/8649cee74b41dfbab6352036ad771ea3", "content": "# CVE-2026-53462: CVE-2026-53462: Heap Use-After-Free Vulnerability in ImageMagick Vector Drawing Subsystem\n\n&amp;gt; **CVSS Score:** 5.9\n&amp;gt; **Published:** 2026-06-26\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-53462\n\n## Summary\nCVE-2026-53462 is a heap Use-After-Free (UAF) vulnerability in ImageMagick's vector drawing subsystem, specifically within the coordinate allocation mechanism in CheckPrimitiveExtent. By parsing a crafted vector image (such as SVG or MVG) with extremely complex primitives, an attacker can trigger a memory reallocation failure. If the application fails to handle this allocation failure cleanly, it leaves a dangling pointer that can subsequently be accessed or freed again, causing memory corruption or an application crash.\n\n## TL;DR\nA heap Use-After-Free vulnerability in ImageMagick's drawing engine can be triggered via crafted vector images, potentially leading to denial of service or remote code execution.\n\n## Technical Details\n\n- **CWE ID**: CWE-416 (Use After Free)\n- **Attack Vector**: Network (AV:N)\n- **CVSS v3.1 Score**: 5.9 (Medium)\n- **EPSS Score**: 0.00227 (Percentile: 13.34%)\n- **Impact**: Availability (High)\n- **Exploit Status**: None (No public exploits or weaponized payloads)\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- ImageMagick 6.x installations prior to version 6.9.13-50\n- ImageMagick 7.x installations prior to version 7.1.2-25\n- **ImageMagick**: &amp;lt; 6.9.13-50 (Fixed in: `6.9.13-50`)\n- **ImageMagick**: &amp;gt;= 7.0.0-0, &amp;lt; 7.1.2-25 (Fixed in: `7.1.2-25`)\n\n## Mitigation\n\n- Upgrade to ImageMagick 6.9.13-50 (legacy branch) 
or 7.1.2-25 (modern branch) or newer.\n- Disable parsing of vulnerable vector formats (SVG, MVG, PDF, EPS, PS) via policy.xml configuration.\n- Enforce strict memory limits inside ImageMagick's policy.xml to mitigate memory allocation manipulation.\n\n**Remediation Steps:**\n1. Identify vulnerable ImageMagick deployments using local container scanning, host package managers, or software composition analysis.\n2. Deploy security updates or compile from patched sources for both 6.x and 7.x code paths.\n3. Configure ImageMagick policy.xml file to restrict vector file processing capabilities if updates cannot be immediately applied.\n\n## References\n\n- [Official GitHub Security Advisory](https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-px7q-ggqj-hcf2)\n- [Magick.NET Release Package Info (Wrapper Fix)](https://github.com/dlemstra/Magick.NET/releases/tag/14.14.0)\n- [Official CVE Record](https://www.cve.org/CVERecord?id=CVE-2026-53462)\n- [Wiz Vulnerability Analysis Portal](https://www.wiz.io/vulnerability-database/cve/cve-2026-53462)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-53462) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-26T16:42:20.253067Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/2cd258ea-7cd8-4c9b-bec7-d9577f298bc9/export</guid>
      <pubDate>Fri, 26 Jun 2026 16:42:20 +0000</pubDate>
    </item>
  </channel>
</rss>
