CVE-2026-33536: ImageMagick has an Out-of-bounds Write via InterpretImageFilename

March 26, 2026 (updated April 6, 2026)

Due to an incorrect return value on certain platforms a pointer is incremented past the end of a buffer that is on the stack and that could result in an out of bounds write.

=================================================================
==48558==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x00016b9b7490 at pc 0x0001046d48ac bp 0x00016b9b31d0 sp 0x00016b9b31c8
WRITE of size 1 at 0x00016b9b7490 thread T0

References

github.com/ImageMagick/ImageMagick
github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8793-7xv6-82cf
github.com/advisories/GHSA-8793-7xv6-82cf
nvd.nist.gov/vuln/detail/CVE-2026-33536

Code Behaviors & Features

Detect and mitigate CVE-2026-33536 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →