{
  "threat_severity" : "Moderate",
  "public_date" : "2026-03-26T19:57:53Z",
  "bugzilla" : {
    "description" : "ImageMagick: Denial of Service via out-of-bounds write",
    "id" : "2451849",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2451849"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-823",
  "details" : [ "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, due to an incorrect return value on certain platforms, a pointer is incremented past the end of a buffer on the stack, which could result in an out-of-bounds write. Versions 7.1.2-18 and 6.9.13-43 patch the issue.", "A flaw was found in ImageMagick, open-source software for image manipulation. This vulnerability, caused by an incorrect return value, allows a local attacker to write data outside of its intended memory area, known as an out-of-bounds write. The primary consequence of this flaw is a denial of service (DoS), which can make the application or system unavailable." ],
  "statement" : "Moderate: This flaw in ImageMagick, an image manipulation program, allows a local attacker to cause a denial of service through an out-of-bounds write. This vulnerability affects Red Hat Enterprise Linux 6 ELS and 7 ELS, as well as community projects like Fedora and EPEL, where ImageMagick is installed and used for image processing.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "ImageMagick",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "ImageMagick",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-33536\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-33536\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8793-7xv6-82cf" ],
  "name" : "CVE-2026-33536",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}