CVE-2026-28690

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-28690

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-28690.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2026-28690

Aliases

GHSA-7h7q-j33q-hvpf

Downstream

DEBIAN-CVE-2026-28690

DSA-6169-1

ECHO-41d4-a680-a9b3

MGASA-2026-0067

MINI-47fc-4crm-62rc

OESA-2026-1692

OESA-2026-1693

OESA-2026-1694

OESA-2026-1695

OESA-2026-1696

OESA-2026-1697

ROOT-OS-DEBIAN-11-CVE-2026-28690

ROOT-OS-DEBIAN-12-CVE-2026-28690

SUSE-SU-2026:1201-1

SUSE-SU-2026:1202-1

SUSE-SU-2026:1203-1

SUSE-SU-2026:1300-1

SUSE-SU-2026:1497-1

SUSE-SU-2026:20917-1

UBUNTU-CVE-2026-28690

openSUSE-SU-2026:10386-1

openSUSE-SU-2026:10399-1

openSUSE-SU-2026:20405-1

openSUSE-SU-2026:20441-1

Related

Published

2026-03-09T21:39:53.647Z

Modified

2026-05-15T04:14:32.486412272Z

Severity

6.9 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H CVSS Calculator

Summary

ImageMagick has a stack write buffer overflow in MNG encoder

Details

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow vulnerability exists in the MNG encoder. There is a bounds checks missing that could corrupting the stack with attacker-controlled data. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Database specific

{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "fixed": "6.9.13-41"
                }
            ]
        }
    ],
    "cwe_ids": [
        "CWE-121"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/28xxx/CVE-2026-28690.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages