CVE Vulnerabilities

CVE-2026-46559

Off-by-one Error

Published: Jun 10, 2026 | Modified: Jun 11, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
6.2 MODERATE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an incorrect check in the JP2 will result in an heap buffer over-write of a single byte when specifying certain options. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.

Weakness

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

Affected Software

NameVendorStart VersionEnd Version
ImagemagickImagemagick*6.9.13-48 (excluding)
ImagemagickImagemagick7.0.0-0 (including)7.1.2-23 (excluding)

Potential Mitigations

References