CVE-2026-22770
Severity: CRITICAL (CVSS 3.1 base score 9.8) · EPSS 25.4%
Published: Jan 20, 2026 · Last Modified: Jun 17, 2026
Description
ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method allocates a set of double buffers inside AcquireBilateralTLS. In versions prior to 7.1.2-13, the last element of that set is not initialized before the allocations are attempted, so if one of the allocations fails, DestroyBilateralTLS releases whatever stale value the uninitialized slot holds, which is an invalid pointer. Version 7.1.2-13 contains a patch for the issue.
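The defect class above (CWE-763, freeing a slot that was never initialized because an earlier allocation failed) is easier to see in a small model than in the real code. The following is an added example, not ImageMagick's code: the struct, function names, buffer count and the STALE_PTR sentinel are all assumptions constructed for illustration. The buggy acquire function writes each slot only as it allocates it, so an early failure leaves the last slot holding stale contents; the fixed variant zeroes the whole set first, so cleanup only ever sees NULL or an owned pointer. The sentinel lets destroy_buffers report the invalid free instead of crashing.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of a per-thread structure holding a fixed set of
 * double buffers (names and count are assumptions, not ImageMagick's). */
#define NUM_BUFFERS 3
typedef struct {
    double *buffer[NUM_BUFFERS];
} BlurTLS;

/* Constructed sentinel standing in for the stale bytes an uninitialized
 * pointer slot would hold in real memory. */
#define STALE_PTR ((double *)(uintptr_t)0xDEADBEEF)

/* Fault injection for the example: the allocation with this index fails
 * (-1 means every allocation succeeds). */
static int fail_at = -1;

static double *alloc_buffer(size_t count, int index) {
    if (index == fail_at)
        return NULL;
    return calloc(count, sizeof(double));
}

/* Release every slot. Returns false if a slot still holds the stale
 * sentinel; in real code that free() would be the invalid-pointer release
 * the advisory describes. free(NULL) is a no-op, so zeroed slots are safe. */
static bool destroy_buffers(BlurTLS *tls) {
    bool safe = true;
    for (int i = 0; i < NUM_BUFFERS; i++) {
        if (tls->buffer[i] == STALE_PTR) {
            safe = false;            /* would free an invalid pointer */
            continue;
        }
        free(tls->buffer[i]);
        tls->buffer[i] = NULL;
    }
    return safe;
}

/* Buggy shape: slots are written only as they are allocated, and the last
 * slot is reached only on the success path. */
static int acquire_buggy(BlurTLS *tls, size_t count) {
    for (int i = 0; i < NUM_BUFFERS - 1; i++) {
        tls->buffer[i] = alloc_buffer(count, i);
        if (tls->buffer[i] == NULL)
            return -1;               /* last slot still holds stale bytes */
    }
    tls->buffer[NUM_BUFFERS - 1] = alloc_buffer(count, NUM_BUFFERS - 1);
    return tls->buffer[NUM_BUFFERS - 1] == NULL ? -1 : 0;
}

/* Fixed shape: zero the whole set first, then allocate. Any slot not reached
 * before a failure is NULL, so the destroy path cannot free garbage. */
static int acquire_fixed(BlurTLS *tls, size_t count) {
    memset(tls, 0, sizeof *tls);
    for (int i = 0; i < NUM_BUFFERS; i++) {
        tls->buffer[i] = alloc_buffer(count, i);
        if (tls->buffer[i] == NULL)
            return -1;
    }
    return 0;
}

/* Run one acquire/destroy cycle with the given allocation index failing and
 * report whether the cleanup path stayed within NULL-or-owned pointers. */
bool cleanup_is_safe(bool fixed, int fail_index) {
    BlurTLS tls;
    for (int i = 0; i < NUM_BUFFERS; i++)
        tls.buffer[i] = STALE_PTR;   /* simulate uninitialized memory */
    fail_at = fail_index;
    int rc = fixed ? acquire_fixed(&tls, 16) : acquire_buggy(&tls, 16);
    (void)rc;                        /* the caller must release either way */
    return destroy_buffers(&tls);
}
```

With the buggy acquire, failing the second allocation (index 1) leaves the last slot stale and cleanup_is_safe returns false; with the zero-initialized version the same failure is handled cleanly. This is the invariant a reviewer checks on any "allocate N things, free them all on error" path: every slot must be NULL before the first allocation that can fail.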
CVSS Details
Base Score: 9.8 (CVSS 3.1)
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

| Metric | Value |
|---|---|
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity | High |
| Availability | High |
Threat Intelligence
EPSS Exploit Probability
25.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses (1)
- CWE-763: Release of Invalid Pointer or Reference
Affected Products (1)
| Vendor | Product | Version | Range |
|---|---|---|---|
| imagemagick | imagemagick | * | <7.1.2-13 |
References (2)
- github.com https://github.com/ImageMagick/ImageMagick/commit/3e0330721020e0c5bb52e4b77c347527dd71658e
- github.com https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-39h3-g67r-7g3c
Remediation
- github.com https://github.com/ImageMagick/ImageMagick/commit/3e0330721020e0c5bb52e4b77c347527dd71658e