CVE-2026-30929
Published: 10 March 2026
Summary
CVE-2026-30929 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Imagemagick Imagemagick. Its CVSS base score is 7.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 4.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-2 requires timely remediation of flaws like the stack buffer overflow in ImageMagick's MagnifyImage function by applying patches to versions 7.1.2-16 or 6.9.13-41, directly eliminating the vulnerability.
SI-16 implements memory protections such as stack canaries and address space randomization that directly counter stack buffer overflow exploitation in ImageMagick's MagnifyImage even in unpatched versions.
SI-10 enforces validation of image inputs to ImageMagick, restricting malformed or oversized images that trigger the fixed-size stack buffer overflow in MagnifyImage.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack buffer overflow in ImageMagick enables local arbitrary code execution (or DoS) via crafted image with no prior privileges or user interaction required, directly mapping to exploitation of client software for code execution.
NVD Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the…
more
stack. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
Deeper analysisAI
CVE-2026-30929 is a stack buffer overflow vulnerability in the MagnifyImage function of ImageMagick, a free and open-source software suite for editing and manipulating digital images. The issue affects versions prior to 7.1.2-16 (for the 7.x series) and 6.9.13-41 (for the 6.x series), where processing a specially crafted image can overflow a fixed-size stack buffer, leading to stack corruption. It is rated 7.7 on the CVSS v3.1 scale (AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H) and is associated with CWE-121 (Stack-based Buffer Overflow) and CWE-787 (Out-of-bounds Write).
A local attacker with no privileges required can exploit this vulnerability with low complexity and no user interaction by supplying a malicious image to an ImageMagick instance processing it, such as through command-line tools like 'magick' or libraries in applications. Successful exploitation enables high-impact integrity and availability violations, potentially allowing arbitrary code execution, denial of service, or other stack corruption effects, while confidentiality remains unaffected due to the unchanged scope.
The ImageMagick security advisory at https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rqq8-jh93-f4vg details the fix in versions 7.1.2-16 and 6.9.13-41, recommending immediate upgrades for affected systems. Practitioners should verify deployments, especially in automated image processing pipelines, and consider input validation or sandboxing as interim mitigations until patching.
Details
- CWE(s)