{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-28693","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2026-03-02T21:43:19.927Z","datePublished":"2026-03-09T21:42:28.143Z","dateUpdated":"2026-06-30T12:07:59.144Z"},"containers":{"cna":{"title":"ImageMagick has an integer overflow in DIB coder can result in out of bounds read or write","problemTypes":[{"descriptions":[{"cweId":"CWE-125","lang":"en","description":"CWE-125: Out-of-bounds Read","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-190","lang":"en","description":"CWE-190: Integer Overflow or Wraparound","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-787","lang":"en","description":"CWE-787: Out-of-bounds Write","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"name":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hffp-q43q-qq76","tags":["x_refsource_CONFIRM"],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hffp-q43q-qq76"}],"affected":[{"vendor":"ImageMagick","product":"ImageMagick","versions":[{"version":">= 7.0.0, < 7.1.2-16","status":"affected"},{"version":"< 6.9.13-41","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2026-03-09T21:42:28.143Z"},"descriptions":[{"lang":"en","value":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an integer overflow in DIB coder can result in out of bounds read or write. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41."}],"source":{"advisory":"GHSA-hffp-q43q-qq76","discovery":"UNKNOWN"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-03-10T00:00:00+00:00","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3","id":"CVE-2026-28693"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-03-11T03:56:28.087Z"}},{"affected":[{"cpes":["cpe:/o:redhat:rhel_els:7"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Server (v. 7 ELS)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:rhel_els:7"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Server Optional (v. 7 ELS)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:6"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux 6","vendor":"Red Hat"}],"datePublic":"2026-03-09T21:42:28.143Z","descriptions":[{"lang":"en","value":"A flaw was found in ImageMagick, a free and open-source software used for editing and manipulating digital images. An integer overflow vulnerability in the DIB (Device Independent Bitmap) coder component can be exploited by a remote attacker. By processing a specially crafted image file, this flaw may lead to an out-of-bounds read or write, potentially resulting in arbitrary code execution, privilege escalation, information disclosure, or a Denial of Service (DoS)."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-190","description":"Integer Overflow or Wraparound","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-28693"},{"name":"RHBZ#2445888","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445888"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28693.json"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:6713"}],"solutions":[{"lang":"en","value":"RHSA-2026:6713: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"}],"timeline":[{"lang":"en","time":"2026-03-09T22:01:52.790Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-03-09T21:42:28.143Z","value":"Made public."}],"title":"ImageMagick: ImageMagick: Out-of-bounds read or write due to integer overflow in DIB coder","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}],"x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-06-30T12:07:59.144Z"}}]}}