{
  "threat_severity" : "Moderate",
  "public_date" : "2026-03-09T21:49:36Z",
  "bugzilla" : {
    "description" : "ImageMagick: Denial of Service via crafted image processing",
    "id" : "2445880",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2445880"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-787",
  "details" : [ "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a crafted image could cause an out-of-bounds heap write inside the WaveletDenoiseImage method. When processing a crafted image with the -wavelet-denoise operation, an out-of-bounds write can occur. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.", "A flaw was found in ImageMagick, free and open-source software for editing and manipulating digital images. A remote attacker could exploit this vulnerability by providing a specially crafted image to a user, which, when processed with the -wavelet-denoise operation, could lead to an out-of-bounds heap write. This issue can result in a denial of service (DoS), causing the application to become unstable or crash." ],
  "statement" : "This is a MODERATE impact vulnerability. ImageMagick in Red Hat Enterprise Linux 6 ELS and 7 ELS is affected by a heap buffer overflow. This flaw occurs when processing a specially crafted image using the -wavelet-denoise operation, which could lead to an out-of-bounds write. Exploitation requires user interaction to process the malicious image.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "ImageMagick",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "ImageMagick",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-30936\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-30936\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5ggv-92r5-cp4p" ],
  "name" : "CVE-2026-30936",
  "mitigation" : {
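    "value" : "To reduce the risk of exploitation, avoid processing untrusted or unverified image files with ImageMagick, and exercise caution when handling images from unknown sources. The out-of-bounds write is triggered when an image is processed with the -wavelet-denoise operation, so workflows that apply that operation to untrusted images should be reviewed first. Additionally, consider restricting ImageMagick's capabilities through its policy file to limit exposure to potentially vulnerable operations or file formats.",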
    "lang" : "en:us"
  },
  "csaw" : false
}