{
  "threat_severity" : "Important",
  "public_date" : "2026-06-10T21:22:02Z",
  "bugzilla" : {
    "description" : "ImageMagick: ImageMagick: Denial of Service via crafted MSL image leading to heap-use-after-free",
    "id" : "2487743",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2487743"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-825",
  "details" : [ "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, a crafted MSL image can trigger a heap-use-after-free. Versions 7.1.2.23 and 6.9.13-48 fix the issue.", "A flaw was found in ImageMagick, a free and open-source software used for editing and manipulating digital images. A remote attacker could exploit this vulnerability by providing a specially crafted MSL (Magick Scripting Language) image. Processing this malicious image could trigger a heap-use-after-free error, leading to a denial of service (DoS) condition." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
    "release_date" : "2026-06-29T00:00:00Z",
    "advisory" : "RHSA-2026:32961",
    "cpe" : "cpe:/o:redhat:rhel_els:7",
    "package" : "ImageMagick-0:6.9.10.68-17.el7_9"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "ImageMagick",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-46523\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-46523\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5r4x-w6p5-222q" ],
  "name" : "CVE-2026-46523",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}