GHSA-px7q-ggqj-hcf2: ImageMagick has a Use-After-Free when allocation in CheckPrimitiveExtent fails
A use-after-free vulnerability exists in ImageMagick's Magick.NET-Q16-AnyCPU component when memory allocation fails in the CheckPrimitiveExtent function. This can lead to a heap-use-after-free condition causing application crashes. The issue affects versions prior to 14.14.0. No known exploits are reported in the wild.
AI Analysis
Technical Summary
CVE-2026-53462 describes a heap-use-after-free vulnerability in ImageMagick's Magick.NET-Q16-AnyCPU product. Specifically, when an allocation fails within the CheckPrimitiveExtent function, the software may use memory that has already been freed, resulting in a crash. The vulnerability is classified under CWE-416 (Use After Free). Its CVSS 3.1 vector indicates a network attack vector, high attack complexity, no privileges or user interaction required, and an impact on availability only (crashes). All versions before 14.14.0 are affected.
Potential Impact
The vulnerability can cause a denial of service via application crash due to heap-use-after-free when allocation fails in CheckPrimitiveExtent. There is no indication of confidentiality or integrity impact. No known exploits are reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch is available, users should consider avoiding untrusted input that triggers this code path or apply any vendor-recommended workarounds once available.
Technical Details
- Gcve Source: db.gcve.eu
- Osv Id: GHSA-px7q-ggqj-hcf2
- Osv Schema Version: 1.4.0
- Aliases: ["CVE-2026-53462"]
- Ecosystems: ["NuGet"]
- Database Specific Severity: MODERATE
- Cvss Version: 3.1
Threat ID: 6a3ef79627e9c79719ff8e9f
Added to database: 06/26/2026, 22:05:10 UTC
Last enriched: 06/26/2026, 22:19:54 UTC
Last updated: 06/27/2026, 03:36:42 UTC