ImageMagick has Heap Buffer Overflow in WaveletDenoiseImage

A crafted image could cause an out of bounds heap write inside the WaveletDenoiseImage method. When processing a crafted image with the -wavelet-denoise operation an out of bounds write can occur.

=================================================================
==661320==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x503000002754 at pc 0x5ff45f82c92a bp 0x7fffb732b400 sp 0x7fffb732b3f0
WRITE of size 4 at 0x503000002754 thread T0

References

dlemstra published to ImageMagick/ImageMagick Mar 9, 2026

Published by the National Vulnerability Database Mar 10, 2026

Published to the GitHub Advisory Database Mar 12, 2026

Reviewed Mar 12, 2026

Last updated Mar 12, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Package

Affected versions

Patched versions

Description

References

Severity

CVSS overall score

CVSS v3 base metrics

CVSS v3 base metrics

EPSS score

Exploit Prediction Scoring System (EPSS)

Weaknesses

Heap-based Buffer Overflow

CVE ID

GHSA ID

Source code

Credits

Uh oh!