CVE-2026-23876 - Heap buffer overflow with attacker-controlled data in XBM parser

CVE ID : CVE-2026-23876 Published : Jan. 20, 2026, 1:15 a.m. | 1 hour, 13 minutes ago Description : ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder (ReadXBMImage) allows an attacker to write controlled data past the allocated heap buffer when processing a maliciously crafted image file. Any operation that reads or identifies an image can trigger the overflow, making it exploitable via common image upload and processing pipelines. Versions 7.1.2-13 and 6.9.13-38 fix the issue. Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...