<Vulnerability name="CVE-2026-53467">
    <DocumentDistribution xml:lang="en">Copyright © 2012 Red Hat, Inc. All rights reserved.</DocumentDistribution>
    <ThreatSeverity>Moderate</ThreatSeverity>
    <PublicDate>2026-07-01T18:50:56</PublicDate>
    <Bugzilla id="2496151" url="https://bugzilla.redhat.com/show_bug.cgi?id=2496151" xml:lang="en:us">
ImageMagick: ImageMagick: Information disclosure vulnerability in MNG decoder
    </Bugzilla>
    <CVSS3 status="draft">
        <CVSS3BaseScore>5.3</CVSS3BaseScore>
        <CVSS3ScoringVector>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N</CVSS3ScoringVector>
    </CVSS3>
    <CWE>CWE-908</CWE>
    <Details xml:lang="en:us" source="Mitre">
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, the MNG decoder contains a possible heap information disclosure vulnerability because part of the pixels are left unchanged. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.
    </Details>
    <Details xml:lang="en:us" source="Red Hat">
A flaw was found in ImageMagick. The MNG decoder in ImageMagick contains a heap information disclosure vulnerability. This flaw could allow an attacker to potentially access sensitive information from memory due to parts of image pixels being left unchanged during processing. This could lead to unauthorized disclosure of data.
    </Details>
    <Mitigation xml:lang="en:us">
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
    </Mitigation>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:6">
        <ProductName>Red Hat Enterprise Linux 6</ProductName>
        <FixState>Out of support scope</FixState>
        <PackageName>ImageMagick</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:7">
        <ProductName>Red Hat Enterprise Linux 7</ProductName>
        <FixState>Out of support scope</FixState>
        <PackageName>ImageMagick</PackageName>
    </PackageState>
    <References xml:lang="en:us">
https://www.cve.org/CVERecord?id=CVE-2026-53467
https://nvd.nist.gov/vuln/detail/CVE-2026-53467
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8g53-9m3c-69xg
    </References>
</Vulnerability>