GHSA-pmpg-6pww-fg6qLowCVSS 3.3

ImageMagick has out-of-bounds access in ConnectedComponentsImage() via CLI-controlled connected-components:* artifacts

Published
April 14, 2026
Last Modified
June 24, 2026

🔗 CVE IDs covered (1)

📋 Description

When the connected-components:* define specifies an invalid index and out of bound operation will result in an access violation.

🎯 Affected products18

  • nuget/Magick.NET-Q16-AnyCPU:< 14.12.0
  • nuget/Magick.NET-Q16-HDRI-AnyCPU:< 14.12.0
  • nuget/Magick.NET-Q16-HDRI-OpenMP-arm64:< 14.12.0
  • nuget/Magick.NET-Q16-HDRI-arm64:< 14.12.0
  • nuget/Magick.NET-Q16-HDRI-x64:< 14.12.0
  • nuget/Magick.NET-Q16-HDRI-x86:< 14.12.0
  • nuget/Magick.NET-Q16-OpenMP-arm64:< 14.12.0
  • nuget/Magick.NET-Q16-OpenMP-x64:< 14.12.0
  • nuget/Magick.NET-Q16-arm64:< 14.12.0
  • nuget/Magick.NET-Q16-x64:< 14.12.0
  • nuget/Magick.NET-Q16-x86:< 14.12.0
  • nuget/Magick.NET-Q16-HDRI-OpenMP-x64:< 14.12.0
  • nuget/Magick.NET-Q8-AnyCPU:< 14.12.0
  • nuget/Magick.NET-Q8-OpenMP-arm64:< 14.12.0
  • nuget/Magick.NET-Q8-OpenMP-x64:< 14.12.0
  • nuget/Magick.NET-Q8-arm64:< 14.12.0
  • nuget/Magick.NET-Q8-x64:< 14.12.0
  • nuget/Magick.NET-Q8-x86:< 14.12.0

🔗 References (2)