{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-53460","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2026-06-09T16:31:21.495Z","datePublished":"2026-06-10T22:02:22.689Z","dateUpdated":"2026-06-30T12:09:28.470Z"},"containers":{"cna":{"title":"ImageMagick: Policy Bypass can trigger out-of-Memory condition","problemTypes":[{"descriptions":[{"cweId":"CWE-770","lang":"en","description":"CWE-770: Allocation of Resources Without Limits or Throttling","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}}],"references":[{"name":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q62c-h75r-2xhc","tags":["x_refsource_CONFIRM"],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q62c-h75r-2xhc"}],"affected":[{"vendor":"ImageMagick","product":"ImageMagick","versions":[{"version":"< 6.9.13-50","status":"affected"},{"version":"< 7.1.2-25","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2026-06-10T22:02:22.689Z"},"descriptions":[{"lang":"en","value":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, a missing check for maximum memory request in AcquireAlignedMemory could trigger an out-of-Memory condition. This issue has been patched in versions 6.9.13-50 and 7.1.2-25."}],"source":{"advisory":"GHSA-q62c-h75r-2xhc","discovery":"UNKNOWN"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-06-11T12:39:22.115161Z","id":"CVE-2026-53460","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-06-11T12:39:32.671Z"}},{"affected":[{"cpes":["cpe:/o:redhat:rhel_els:7"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Server (v. 7 ELS)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:rhel_els:7"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux Server Optional (v. 7 ELS)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:6"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux 6","vendor":"Red Hat"}],"datePublic":"2026-06-10T22:02:22.689Z","descriptions":[{"lang":"en","value":"A flaw was found in ImageMagick. A remote attacker could exploit a missing check for maximum memory requests in the AcquireAlignedMemory function, leading to an out-of-memory condition. This vulnerability could result in a Denial of Service (DoS), making the affected system or application unavailable."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-770","description":"Allocation of Resources Without Limits or Throttling","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-53460"},{"name":"RHBZ#2487757","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487757"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-53460.json"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:32961"}],"solutions":[{"lang":"en","value":"RHSA-2026:32961: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"}],"timeline":[{"lang":"en","time":"2026-06-10T23:01:17.237Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-06-10T22:02:22.689Z","value":"Made public."}],"title":"ImageMagick: ImageMagick: Denial of Service via missing memory request check","workarounds":[{"lang":"en","value":"Red Hat is not aware of a practical temporary workaround that fully mitigates this issue or meets Red Hat Product Security's standards for usability, deployment, applicability, or stability. Customers are advised to apply the relevant security updates when they become available."}],"x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-06-30T12:09:28.470Z"}}]}}