{
  "threat_severity" : "Moderate",
  "public_date" : "2026-04-13T20:59:47Z",
  "bugzilla" : {
    "description" : "ImageMagick: Denial of Service via deeply nested expression in FX parser",
    "id" : "2458040",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2458040"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-770",
  "details" : [ "A flaw was found in ImageMagick, software used for editing and manipulating digital images. An attacker can exploit this vulnerability by providing a deeply nested expression to ImageMagick's FX expression parser. Parsing such an expression can lead to a stack overflow (the nesting depth exhausts the stack), causing the process to crash and resulting in a Denial of Service (DoS). The impact is limited to availability, consistent with the CVSS vector (C:N/I:N/A:H)." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "ImageMagick",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "ImageMagick",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-33902\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-33902\nhttps://github.com/ImageMagick/ImageMagick/commit/d3c0a37485314c5ccef72efb18f3847cd53868ba\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-f4qm-vj5j-9xpw\nhttps://github.com/dlemstra/Magick.NET/releases/tag/14.12.0" ],
  "name" : "CVE-2026-33902",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}