MEDIUM 4.8 NuGet
ImageMagick has a heap buffer over-read via 32-bit integer overflow in MAT decoder
GHSA-mrmj-x24c-wwcv · CVE-2026-28692
Published · Modified
Description
The MAT decoder uses 32-bit arithmetic due to incorrect parenthesization, resulting in a heap over-read.
=================================================================
==969652==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x506000003b40 at pc 0x555557b2a926 bp 0x7fffffff4c80 sp 0x7fffffff4c70
READ of size 8 at 0x506000003b40 thread T0
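The bug class the description names, as an added illustration in C. This is not ImageMagick's code: the function names and header values are constructed for this example, and size_t is assumed to be 64 bits. One parenthesis decides whether the multiplication wraps in 32 bits before the cast or is carried out in size_t.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers, not ImageMagick functions. */

/* Misplaced parenthesis: the product is computed in 32-bit arithmetic and
   wraps modulo 2^32 before the cast widens it. */
size_t row_bytes_wrapped(uint32_t columns, uint32_t bytes_per_sample)
{
    return (size_t)(columns * bytes_per_sample);
}

/* Cast one operand first so the multiplication is done in size_t. */
size_t row_bytes_wide(uint32_t columns, uint32_t bytes_per_sample)
{
    return (size_t)columns * bytes_per_sample;
}

/* Bounds check built on the wrapped size: accepts rows that do not fit. */
int row_fits_wrapped(size_t buf_len, uint32_t columns, uint32_t bps)
{
    return row_bytes_wrapped(columns, bps) <= buf_len;
}

/* Hardened check: reject overflow of size_t, then compare in full width. */
int row_fits_checked(size_t buf_len, uint32_t columns, uint32_t bps)
{
    if (bps != 0 && columns > SIZE_MAX / bps)
        return 0;
    return (size_t)columns * bps <= buf_len;
}

int main(void)
{
    /* Constructed header values: 0x20000001 * 8 = 0x100000008. */
    uint32_t columns = 0x20000001u, bps = 8;
    size_t buf_len = 64;

    printf("wrapped size: %zu\n", row_bytes_wrapped(columns, bps));
    printf("wide size:    %zu\n", row_bytes_wide(columns, bps));
    printf("wrapped check passes: %d\n", row_fits_wrapped(buf_len, columns, bps));
    printf("checked passes:       %d\n", row_fits_checked(buf_len, columns, bps));
    return 0;
}
```

A size or bounds check that uses the wrapped value approves a row far larger than the buffer, which is how later reads end up past the end of a heap allocation.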