{
  "threat_severity" : "Moderate",
  "public_date" : "2026-05-11T19:46:50Z",
  "bugzilla" : {
    "description" : "ImageMagick: ImageMagick: Denial of Service due to an overflow vulnerability in MIFF file processing",
    "id" : "2471934",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2471934"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-131",
  "details" : [ "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in the display tool and right-clicks a tile to invoke the Load / Update menu item. This vulnerability is fixed in 7.1.2-21 and 6.9.13-46.", "A flaw was found in ImageMagick. A user opening a specially crafted MIFF (Magick Image File Format) file in the display tool and right-clicking a tile to invoke the Load / Update menu item could trigger an overflow vulnerability. This overflow could lead to a denial of service, making the application unavailable." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Fix deferred",
    "package_name" : "ImageMagick",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "ImageMagick",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-42050\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-42050\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7mxf-ff4f-jj7p" ],
  "name" : "CVE-2026-42050",
  "mitigation" : {
    "value" : "Users should avoid opening or interacting with untrusted MIFF (Magick Image File Format) files using the ImageMagick display tool. If the ImageMagick package is not essential for image display or other critical system functions, consider removing it. Be aware that removing ImageMagick may impact other applications that rely on its image processing capabilities.",
    "lang" : "en:us"
  },
  "csaw" : false
}