{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-30931", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-07T16:40:05.885Z", "datePublished": "2026-03-09T21:47:48.915Z", "dateUpdated": "2026-03-10T14:53:10.526Z"}, "containers": {"cna": {"title": "ImageMagick has a heap-based buffer overflow in UHDR encoder", "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "lang": "en", "description": "CWE-122: Heap-based Buffer Overflow", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h95r-c8c7-mrwx", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h95r-c8c7-mrwx"}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"version": "< 7.1.2-16", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-09T21:47:48.915Z"}, "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, a heap-based buffer overflow in the UHDR encoder can happen due to truncation of a value and it would allow an out of bounds write. This vulnerability is fixed in 7.1.2-16."}], "source": {"advisory": "GHSA-h95r-c8c7-mrwx", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-10T14:53:03.333917Z", "id": "CVE-2026-30931", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T14:53:10.526Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-30931", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-10T14:53:03.333917Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T14:53:07.369Z"}}], "cna": {"title": "ImageMagick has a heap-based buffer overflow in UHDR encoder", "source": {"advisory": "GHSA-h95r-c8c7-mrwx", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"status": "affected", "version": "< 7.1.2-16"}]}], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h95r-c8c7-mrwx", "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h95r-c8c7-mrwx", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, a heap-based buffer overflow in the UHDR encoder can happen due to truncation of a value and it would allow an out of bounds write. This vulnerability is fixed in 7.1.2-16."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-09T21:47:48.915Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30931", "state": "PUBLISHED", "dateUpdated": "2026-03-10T14:53:10.526Z", "dateReserved": "2026-03-07T16:40:05.885Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-09T21:47:48.915Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "E20BE285-7F97-4156-AFD3-80B9CFC8B945", "versionEndExcluding": "7.1.2-16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, a heap-based buffer overflow in the UHDR encoder can happen due to truncation of a value and it would allow an out of bounds write. This vulnerability is fixed in 7.1.2-16."}, {"lang": "es", "value": "ImageMagick es un software libre y de c\u00f3digo abierto utilizado para editar y manipular im\u00e1genes digitales. Antes de las versiones 7.1.2-16, un desbordamiento de b\u00fafer basado en mont\u00edculo en el codificador UHDR puede ocurrir debido a la truncaci\u00f3n de un valor y permitir\u00eda una escritura fuera de l\u00edmites. Esta vulnerabilidad est\u00e1 corregida en 7.1.2-16."}], "id": "CVE-2026-30931", "lastModified": "2026-03-13T16:59:45.720", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-10T07:44:57.303", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h95r-c8c7-mrwx"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "ImageMagick: ImageMagick: Heap-based buffer overflow leading to out-of-bounds write", "id": "2445900", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445900"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "status": "draft"}, "cwe": "CWE-190", "details": ["A flaw was found in ImageMagick, a software used for editing and manipulating digital images. A local attacker can exploit a heap-based buffer overflow vulnerability within the UHDR encoder. This vulnerability arises from the truncation of a value, enabling an out-of-bounds write. Successful exploitation could lead to a denial of service, making the software unavailable, and potentially result in information disclosure."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-30931", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2026-03-09T21:47:48Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-30931\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-30931\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h95r-c8c7-mrwx"], "statement": "MODERATE: This flaw in ImageMagick involves a heap-based buffer overflow within the UHDR encoder, which could lead to an out-of-bounds write due to value truncation. This vulnerability affects systems processing untrusted image files with ImageMagick.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,7.1.2-16)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ImageMagick", "source": "cna", "vendor": "ImageMagick"}, "product": "imagemagick", "vendor": "imagemagick"}], "created": "2026-03-10T14:06:44.460461+00:00", "updated": "2026-03-10T14:06:44.460537+00:00", "vendors": ["imagemagick", "imagemagick$PRODUCT$imagemagick"]}