Integer Overflow or Wraparound

CVE-2026-33900

High

7.5/10

Summary

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 6.9.13-44 and 7.x prior to 7.1.2-19, the viff encoder contains an integer truncation/wraparound issue on 32-bit builds that could trigger an out of bounds heap write, potentially causing a crash. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19. All versions of Magick.NET prior to 14.12.0 are also affected.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-190 - Integer Overflow or Wraparound

The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

References

Advisory

Advisory Timeline

Published Apr 13, 2026

Integer Overflow or Wraparound

CVE-2026-33900

Summary

CWE-190 - Integer Overflow or Wraparound

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS