CVE-2026-40312

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-40312
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-40312.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-40312
Aliases
Downstream
Related
Published
2026-04-13T21:43:28.416Z
Modified
2026-05-19T04:02:58.827033709Z
Severity
  • 6.2 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
ImageMagick: Off-by-One in MSL decoder could result in crash
Details

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, an off by one error in the MSL decoder could result in a crash when a malicous MSL file is read. This issue has been fixed in version 7.1.2-19.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-193"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/40xxx/CVE-2026-40312.json"
}
References

Affected packages

Git / github.com/dlemstra/magick.net

Affected ranges

Type
GIT
Repo
https://github.com/dlemstra/magick.net
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
158db3ad7f38ab3023f5dce59fb17a0f27a8cd43
Database specific 
{
    "source": "REFERENCES"
}

Affected versions

10.*
10.0.0
10.1.0
11.*
11.0.0
11.1.0
11.1.1
11.1.2
11.2.0
11.2.1
11.3.0
12.*
12.0.0
12.0.1
12.1.0
12.2.0
12.2.1
12.2.2
12.3.0
13.*
13.0.0
13.0.1
13.1.0
13.1.1
13.1.2
13.1.3
13.10.0
13.2.0
13.3.0
13.4.0
13.5.0
13.6.0
13.7.0
13.8.0
13.9.0
13.9.1
14.*
14.0.0
14.1.0
14.10.0
14.10.1
14.10.2
14.10.3
14.10.4
14.11.0
14.11.1
14.2.0
14.3.0
14.4.0
14.5.0
14.6.0
14.7.0
14.8.0
14.8.1
14.8.2
14.9.0
14.9.1
6.*
6.8.5.1001
6.8.5.401
6.8.5.402
6.8.6.301
6.8.6.601
6.8.6.801
6.8.7.1
6.8.7.101
6.8.7.501
6.8.7.502
6.8.7.901
6.8.8.1001
6.8.8.201
6.8.8.501
6.8.8.701
6.8.8.801
6.8.8.901
6.8.9.1
6.8.9.101
6.8.9.2
6.8.9.401
6.8.9.501
6.8.9.601
7.*
7.0.0.1
7.0.0.10
7.0.0.101
7.0.0.102
7.0.0.103
7.0.0.104
7.0.0.11
7.0.0.12
7.0.0.13
7.0.0.14
7.0.0.15
7.0.0.16
7.0.0.17
7.0.0.18
7.0.0.19
7.0.0.2
7.0.0.20
7.0.0.21
7.0.0.22
7.0.0.3
7.0.0.5
7.0.0.6
7.0.0.7
7.0.0.8
7.0.0.9
7.0.1.0
7.0.1.100
7.0.1.101
7.0.1.500
7.0.2.100
7.0.2.400
7.0.2.600
7.0.2.900
7.0.2.901
7.0.2.902
7.0.3.0
7.0.3.1
7.0.3.300
7.0.3.500
7.0.3.501
7.0.3.502
7.0.3.901
7.0.3.902
7.0.4.100
7.0.4.400
7.0.4.700
7.0.4.701
7.0.5.500
7.0.5.501
7.0.5.502
7.0.5.800
7.0.5.900
7.0.6.0
7.0.6.100
7.0.6.1000
7.0.6.1001
7.0.6.1002
7.0.6.101
7.0.6.102
7.0.6.600
7.0.6.601
7.0.7.0
7.0.7.300
7.0.7.700
7.0.7.900
7.1.0.0
7.10.0.0
7.10.1.0
7.10.2.0
7.11.0.0
7.11.1.0
7.12.0.0
7.13.0.0
7.13.1.0
7.14.0.0
7.14.0.1
7.14.0.2
7.14.0.3
7.14.1.0
7.14.2.0
7.14.3.0
7.14.4.0
7.14.5.0
7.15.0.0
7.15.0.1
7.15.1.0
7.15.2.0
7.15.3.0
7.15.4.0
7.15.5.0
7.16.0.0
7.16.1.0
7.17.0.0
7.17.0.1
7.18.0.0
7.19.0.0
7.19.0.1
7.2.0.0
7.2.1.0
7.20.0.0
7.20.0.1
7.21.0.0
7.21.1.0
7.22.0.0
7.22.1.0
7.22.2.0
7.22.2.1
7.22.2.2
7.22.3.0
7.23.0.0
7.23.1.0
7.23.2.0
7.23.2.1
7.23.3.0
7.23.4.0
7.24.0.0
7.24.1.0
7.3.0.0
7.4.0.0
7.4.1.0
7.4.2.0
7.4.3.0
7.4.4.0
7.4.5.0
7.4.6.0
7.5.0.0
7.5.0.1
7.6.0.0
7.6.0.1
7.7.0.0
7.8.0.0
7.9.0.0
7.9.0.1
7.9.0.2
7.9.1.0
7.9.2.0
8.*
8.0.0
8.0.1
8.1.0
8.2.0
8.2.1
8.3.0
8.3.1
8.3.2
8.3.3
8.4.0
8.5.0
8.6.0
8.6.1
9.*
9.0.0
9.1.0
9.1.1
9.1.2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-40312.json"

Git / github.com/imagemagick/imagemagick

Affected ranges

Type
GIT
Repo
https://github.com/imagemagick/imagemagick
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
9fbd2b79450e930edb95e8158d412e57a7b27e83
Fixed
2a06c7be3bba3326caf8b7a8d1fa2e0d4b88998d
Database specific 
{
    "source": [
        "CPE_FIELD",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "7.1.2-19"
        }
    ]
}

Affected versions

7.*
7.0.1-0
7.0.1-1
7.0.1-10
7.0.1-2
7.0.1-3
7.0.1-4
7.0.1-5
7.0.1-6
7.0.1-7
7.0.1-8
7.0.1-9
7.0.10-0
7.0.10-1
7.0.10-10
7.0.10-11
7.0.10-12
7.0.10-13
7.0.10-14
7.0.10-15
7.0.10-16
7.0.10-17
7.0.10-18
7.0.10-19
7.0.10-2
7.0.10-20
7.0.10-21
7.0.10-22
7.0.10-23
7.0.10-24
7.0.10-25
7.0.10-26
7.0.10-27
7.0.10-28
7.0.10-29
7.0.10-3
7.0.10-30
7.0.10-31
7.0.10-32
7.0.10-33
7.0.10-34
7.0.10-35
7.0.10-36
7.0.10-37
7.0.10-38
7.0.10-39
7.0.10-4
7.0.10-40
7.0.10-41
7.0.10-42
7.0.10-43
7.0.10-44
7.0.10-45
7.0.10-46
7.0.10-47
7.0.10-48
7.0.10-49
7.0.10-5
7.0.10-50
7.0.10-51
7.0.10-52
7.0.10-53
7.0.10-54
7.0.10-55
7.0.10-56
7.0.10-57
7.0.10-58
7.0.10-59
7.0.10-6
7.0.10-60
7.0.10-61
7.0.10-62
7.0.10-7
7.0.10-8
7.0.10-9
7.0.11-0
7.0.11-1
7.0.11-10
7.0.11-11
7.0.11-12
7.0.11-13
7.0.11-14
7.0.11-2
7.0.11-3
7.0.11-4
7.0.11-5
7.0.11-6
7.0.11-7
7.0.11-8
7.0.11-9
7.0.2-0
7.0.2-1
7.0.2-10
7.0.2-2
7.0.2-3
7.0.2-4
7.0.2-5
7.0.2-6
7.0.2-7
7.0.2-8
7.0.2-9
7.0.3-0
7.0.3-1
7.0.3-10
7.0.3-2
7.0.3-3
7.0.3-4
7.0.3-5
7.0.3-6
7.0.3-7
7.0.3-8
7.0.3-9
7.0.4-0
7.0.4-1
7.0.4-10
7.0.4-2
7.0.4-3
7.0.4-4
7.0.4-5
7.0.4-6
7.0.4-7
7.0.4-8
7.0.4-9
7.0.5-0
7.0.5-1
7.0.5-10
7.0.5-2
7.0.5-3
7.0.5-4
7.0.5-5
7.0.5-6
7.0.5-7
7.0.5-8
7.0.5-9
7.0.6-0
7.0.6-1
7.0.6-2
7.0.6-3
7.0.6-4
7.0.6-5
7.0.6-6
7.0.6-7
7.0.6-8
7.0.6-9
7.0.7-0
7.0.7-1
7.0.7-10
7.0.7-11
7.0.7-12
7.0.7-13
7.0.7-14
7.0.7-15
7.0.7-16
7.0.7-17
7.0.7-18
7.0.7-19
7.0.7-2
7.0.7-20
7.0.7-21
7.0.7-22
7.0.7-23
7.0.7-24
7.0.7-25
7.0.7-26
7.0.7-27
7.0.7-28
7.0.7-29
7.0.7-3
7.0.7-30
7.0.7-31
7.0.7-32
7.0.7-33
7.0.7-34
7.0.7-35
7.0.7-36
7.0.7-37
7.0.7-38
7.0.7-39
7.0.7-4
7.0.7-5
7.0.7-6
7.0.7-8
7.0.7-9
7.0.7.7
7.0.8-0
7.0.8-1
7.0.8-10
7.0.8-11
7.0.8-12
7.0.8-13
7.0.8-14
7.0.8-15
7.0.8-16
7.0.8-17
7.0.8-18
7.0.8-19
7.0.8-2
7.0.8-20
7.0.8-21
7.0.8-22
7.0.8-23
7.0.8-24
7.0.8-25
7.0.8-26
7.0.8-27
7.0.8-28
7.0.8-29
7.0.8-3
7.0.8-30
7.0.8-31
7.0.8-32
7.0.8-33
7.0.8-34
7.0.8-35
7.0.8-36
7.0.8-37
7.0.8-38
7.0.8-39
7.0.8-4
7.0.8-40
7.0.8-41
7.0.8-42
7.0.8-43
7.0.8-44
7.0.8-45
7.0.8-46
7.0.8-47
7.0.8-48
7.0.8-49
7.0.8-5
7.0.8-50
7.0.8-51
7.0.8-52
7.0.8-53
7.0.8-54
7.0.8-55
7.0.8-56
7.0.8-57
7.0.8-58
7.0.8-59
7.0.8-6
7.0.8-60
7.0.8-61
7.0.8-62
7.0.8-63
7.0.8-64
7.0.8-65
7.0.8-66
7.0.8-67
7.0.8-68
7.0.8-7
7.0.8-8
7.0.8-9
7.0.9-0
7.0.9-1
7.0.9-10
7.0.9-11
7.0.9-12
7.0.9-13
7.0.9-14
7.0.9-15
7.0.9-16
7.0.9-17
7.0.9-18
7.0.9-19
7.0.9-2
7.0.9-20
7.0.9-21
7.0.9-22
7.0.9-23
7.0.9-24
7.0.9-25
7.0.9-26
7.0.9-27
7.0.9-4
7.0.9-5
7.0.9-6
7.0.9-7
7.0.9-8
7.0.9-9
7.1.0-0
7.1.0-1
7.1.0-10
7.1.0-11
7.1.0-12
7.1.0-13
7.1.0-14
7.1.0-15
7.1.0-16
7.1.0-17
7.1.0-18
7.1.0-19
7.1.0-2
7.1.0-20
7.1.0-21
7.1.0-22
7.1.0-23
7.1.0-24
7.1.0-25
7.1.0-26
7.1.0-27
7.1.0-28
7.1.0-29
7.1.0-3
7.1.0-30
7.1.0-31
7.1.0-32
7.1.0-33
7.1.0-34
7.1.0-35
7.1.0-36
7.1.0-37
7.1.0-38
7.1.0-39
7.1.0-4
7.1.0-40
7.1.0-41
7.1.0-42
7.1.0-43
7.1.0-44
7.1.0-45
7.1.0-46
7.1.0-47
7.1.0-48
7.1.0-49
7.1.0-5
7.1.0-50
7.1.0-51
7.1.0-52
7.1.0-53
7.1.0-54
7.1.0-55
7.1.0-56
7.1.0-57
7.1.0-58
7.1.0-59
7.1.0-6
7.1.0-60
7.1.0-61
7.1.0-62
7.1.0-7
7.1.0-8
7.1.0-9
7.1.1-0
7.1.1-1
7.1.1-10
7.1.1-11
7.1.1-12
7.1.1-13
7.1.1-14
7.1.1-15
7.1.1-16
7.1.1-17
7.1.1-18
7.1.1-19
7.1.1-2
7.1.1-20
7.1.1-21
7.1.1-22
7.1.1-23
7.1.1-24
7.1.1-25
7.1.1-26
7.1.1-27
7.1.1-28
7.1.1-29
7.1.1-3
7.1.1-30
7.1.1-31
7.1.1-32
7.1.1-33
7.1.1-34
7.1.1-35
7.1.1-36
7.1.1-37
7.1.1-38
7.1.1-39
7.1.1-4
7.1.1-40
7.1.1-41
7.1.1-43
7.1.1-44
7.1.1-45
7.1.1-46
7.1.1-47
7.1.1-5
7.1.1-6
7.1.1-7
7.1.1-8
7.1.1-9
7.1.2-0
7.1.2-1
7.1.2-10
7.1.2-11
7.1.2-12
7.1.2-13
7.1.2-14
7.1.2-15
7.1.2-16
7.1.2-17
7.1.2-18
7.1.2-2
7.1.2-3
7.1.2-5
7.1.2-6
7.1.2-7
7.1.2-8
7.1.2-9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-40312.json"