ImageMagick has heap use-after-free in the MSL encoder

GHSA-xxw5-m53x-j38c · CVE-2026-28688

Published Mar 12, 2026 · Modified Mar 14, 2026

Description

A heap-use-after-free vulnerability exists in the MSL encoder, where a cloned image is destroyed twice. The MSL coder does not support writing MSL so the write capability has been removed.

SUMMARY: AddressSanitizer: heap-use-after-free MagickCore/image.c:1195 in DestroyImage
Shadow bytes around the buggy address:
  0x0a4e80007450: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0a4e80007460: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0a4e80007470: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0a4e80007480: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0a4e80007490: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0a4e800074a0: fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd
  0x0a4e800074b0: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa
  0x0a4e800074c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0a4e800074d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0a4e800074e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0a4e800074f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

References

4.0 / 10

MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Packages

NuGet/Magick.NET-Q16-AnyCPU

Fix 14.10.4

Introduced 0

210 affected versions

10.0.010.1.011.0.011.1.011.1.111.1.211.2.011.2.111.3.012.0.012.0.112.1.012.2.012.2.112.2.212.3.013.0.013.0.113.1.013.1.1 +190 more

NuGet/Magick.NET-Q16-HDRI-AnyCPU

Fix 14.10.4

Introduced 0

207 affected versions

10.0.010.1.011.0.011.1.011.1.111.1.211.2.011.2.111.3.012.0.012.0.112.1.012.2.012.2.112.2.212.3.013.0.013.0.113.1.013.1.1 +187 more

NuGet/Magick.NET-Q16-HDRI-OpenMP-arm64

Fix 14.10.4

Introduced 0

55 affected versions

10.0.010.1.011.0.011.1.011.1.111.1.211.2.011.2.111.3.012.0.012.0.112.1.012.2.012.2.112.2.212.3.013.0.013.0.113.1.013.1.1 +35 more

NuGet/Magick.NET-Q16-HDRI-OpenMP-x64

Fix 14.10.4

Introduced 0

107 affected versions

10.0.010.1.011.0.011.1.011.1.111.1.211.2.011.2.111.3.012.0.012.0.112.1.012.2.012.2.112.2.212.3.013.0.013.0.113.1.013.1.1 +87 more

NuGet/Magick.NET-Q16-HDRI-arm64

Fix 14.10.4

Introduced 0

55 affected versions

10.0.010.1.011.0.011.1.011.1.111.1.211.2.011.2.111.3.012.0.012.0.112.1.012.2.012.2.112.2.212.3.013.0.013.0.113.1.013.1.1 +35 more

NuGet/Magick.NET-Q16-HDRI-x64

Fix 14.10.4

Introduced 0

207 affected versions

10.0.010.1.011.0.011.1.011.1.111.1.211.2.011.2.111.3.012.0.012.0.112.1.012.2.012.2.112.2.212.3.013.0.013.0.113.1.013.1.1 +187 more

NuGet/Magick.NET-Q16-HDRI-x86

Fix 14.10.4

Introduced 0

207 affected versions

10.0.010.1.011.0.011.1.011.1.111.1.211.2.011.2.111.3.012.0.012.0.112.1.012.2.012.2.112.2.212.3.013.0.013.0.113.1.013.1.1 +187 more

NuGet/Magick.NET-Q16-OpenMP-arm64

Fix 14.10.4

Introduced 0

55 affected versions

10.0.010.1.011.0.011.1.011.1.111.1.211.2.011.2.111.3.012.0.012.0.112.1.012.2.012.2.112.2.212.3.013.0.013.0.113.1.013.1.1 +35 more

NuGet/Magick.NET-Q16-OpenMP-x64

Fix 14.10.4

Introduced 0

107 affected versions

10.0.010.1.011.0.011.1.011.1.111.1.211.2.011.2.111.3.012.0.012.0.112.1.012.2.012.2.112.2.212.3.013.0.013.0.113.1.013.1.1 +87 more

NuGet/Magick.NET-Q16-OpenMP-x86

Fix 14.10.4

Introduced 0

NuGet/Magick.NET-Q16-arm64

Fix 14.10.4

Introduced 0

55 affected versions

10.0.010.1.011.0.011.1.011.1.111.1.211.2.011.2.111.3.012.0.012.0.112.1.012.2.012.2.112.2.212.3.013.0.013.0.113.1.013.1.1 +35 more

NuGet/Magick.NET-Q16-x64

Fix 14.10.4

Introduced 0

226 affected versions

10.0.010.1.011.0.011.1.011.1.111.1.211.2.011.2.111.3.012.0.012.0.112.1.012.2.012.2.112.2.212.3.013.0.013.0.113.1.013.1.1 +206 more

NuGet/Magick.NET-Q16-x86

Fix 14.10.4

Introduced 0

226 affected versions

10.0.010.1.011.0.011.1.011.1.111.1.211.2.011.2.111.3.012.0.012.0.112.1.012.2.012.2.112.2.212.3.013.0.013.0.113.1.013.1.1 +206 more

NuGet/Magick.NET-Q8-AnyCPU

Fix 14.10.4

Introduced 0

210 affected versions

10.0.010.1.011.0.011.1.011.1.111.1.211.2.011.2.111.3.012.0.012.0.112.1.012.2.012.2.112.2.212.3.013.0.013.0.113.1.013.1.1 +190 more

NuGet/Magick.NET-Q8-OpenMP-arm64

Fix 14.10.4

Introduced 0

55 affected versions

10.0.010.1.011.0.011.1.011.1.111.1.211.2.011.2.111.3.012.0.012.0.112.1.012.2.012.2.112.2.212.3.013.0.013.0.113.1.013.1.1 +35 more

NuGet/Magick.NET-Q8-OpenMP-x64

Fix 14.10.4

Introduced 0

107 affected versions

10.0.010.1.011.0.011.1.011.1.111.1.211.2.011.2.111.3.012.0.012.0.112.1.012.2.012.2.112.2.212.3.013.0.013.0.113.1.013.1.1 +87 more

NuGet/Magick.NET-Q8-arm64

Fix 14.10.4

Introduced 0

55 affected versions

10.0.010.1.011.0.011.1.011.1.111.1.211.2.011.2.111.3.012.0.012.0.112.1.012.2.012.2.112.2.212.3.013.0.013.0.113.1.013.1.1 +35 more

NuGet/Magick.NET-Q8-x64

Fix 14.10.4

Introduced 0

226 affected versions

10.0.010.1.011.0.011.1.011.1.111.1.211.2.011.2.111.3.012.0.012.0.112.1.012.2.012.2.112.2.212.3.013.0.013.0.113.1.013.1.1 +206 more

NuGet/Magick.NET-Q8-x86

Fix 14.10.4

Introduced 0

226 affected versions

10.0.010.1.011.0.011.1.011.1.111.1.211.2.011.2.111.3.012.0.012.0.112.1.012.2.012.2.112.2.212.3.013.0.013.0.113.1.013.1.1 +206 more

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes