GHSA-vhrh-72hq-w8m7MediumCVSS 5.7

ImageMagick: Out-of-Bounds Read in connected components when the user supplies an invalid keep-top define

Published
May 18, 2026
Last Modified
May 18, 2026

🔗 CVE IDs covered (1)

CVE-2026-45359

📋 Description

An invalid `connected-components:keep-top` value could result in a heap buffer over-read when performing the connected components operation.

🎯 Affected products18

  • nuget/Magick.NET-Q16-AnyCPU:< 14.13.1
  • nuget/Magick.NET-Q16-HDRI-AnyCPU:< 14.13.1
  • nuget/Magick.NET-Q16-HDRI-OpenMP-arm64:< 14.13.1
  • nuget/Magick.NET-Q16-HDRI-OpenMP-x64:< 14.13.1
  • nuget/Magick.NET-Q16-HDRI-arm64:< 14.13.1
  • nuget/Magick.NET-Q16-HDRI-x64:< 14.13.1
  • nuget/Magick.NET-Q16-HDRI-x86:< 14.13.1
  • nuget/Magick.NET-Q16-OpenMP-arm64:< 14.13.1
  • nuget/Magick.NET-Q16-OpenMP-x64:< 14.13.1
  • nuget/Magick.NET-Q16-arm64:< 14.13.1
  • nuget/Magick.NET-Q16-x64:< 14.13.1
  • nuget/Magick.NET-Q16-x86:< 14.13.1
  • nuget/Magick.NET-Q8-AnyCPU:< 14.13.1
  • nuget/Magick.NET-Q8-OpenMP-arm64:< 14.13.1
  • nuget/Magick.NET-Q8-OpenMP-x64:< 14.13.1
  • nuget/Magick.NET-Q8-arm64:< 14.13.1
  • nuget/Magick.NET-Q8-x64:< 14.13.1
  • nuget/Magick.NET-Q8-x86:< 14.13.1

🔗 References (2)