CVE-2026-28693 · ImageMagick is free and open-source software used for editing and manipulating digital images.

01 · The Real Story

This is a bad cartridge in the image parser, not a front-door master key

CVE-2026-28693 is an integer-overflow bug in ImageMagick's DIB coder that can lead to out-of-bounds read or write when a target processes a crafted DIB/BMP-family image. Upstream says ImageMagick < 7.1.2-16 and ImageMagick 6 < 6.9.13-41 are affected; downstream Linux distros have issued their own backported fixed builds.

The vendor's HIGH 8.1 baseline overstates enterprise patch urgency for most fleets because AV:N only becomes true when you already have a reachable workflow that automatically hands attacker-supplied images to ImageMagick. In real deployments this is usually an upload, thumbnailing, document pipeline, mail pipeline, CMS, or internal batch converter problem; that exposure gate sharply narrows the reachable population, and there is no KEV listing, no public exploitation evidence, and no public weaponized PoC located in open sources for this CVE.

"High on paper, but usually a file-ingestion bug, not an internet-breaks-everything bug"

02 · The Attack Path

4 steps from start to impact.

STEP 01

Reach an image-processing workflow

The attacker first needs a service or job that accepts untrusted images and routes them into ImageMagick, such as a web upload endpoint, avatar resizer, CI artifact transformer, MTA attachment sanitizer, or internal media pipeline. The practical weapon here is the application's own upload/API surface, not ImageMagick as a standalone internet service.

Conditions required:

A reachable workflow must ingest attacker-controlled image content
That workflow must invoke ImageMagick on DIB/BMP input or auto-detect it
Security policy.xml or wrapper logic must not reject the file before parsing

Where this breaks in practice:

ImageMagick is commonly embedded behind another application, so there is no generic exposed port to hit
Many enterprises do not process DIB files from untrusted users at all
File-type allowlists, MIME validation, and conversion sandboxes often block oddball formats before parser reach

Detection/coverage: External vuln scanners have poor direct coverage because the product is usually a library/CLI behind an app, not a bannered network daemon.

STEP 02

Deliver a crafted DIB payload

The attacker supplies a malformed DIB image designed to trigger integer overflow inside the DIB coder. No public exploit kit was identified in open sources for this CVE, so the likely weapon is a custom sample generated with python3/struct, a fuzzing harness, or a purpose-built file mutator.

Conditions required:

Attacker can upload, email, submit, sync, or otherwise place a crafted file into the processing path
The pipeline preserves enough of the file structure to reach the vulnerable parser

Where this breaks in practice:

Upload gateways may transcode, strip, or reject unsupported image types
Some apps pre-parse with safer libraries before ever calling ImageMagick
No public PoC lowers copy-paste attacker throughput

Detection/coverage: Content-aware gateways may log unusual DIB/BMP samples, but most VA tools will not validate exploitability from outside the app.

STEP 03

Trigger integer overflow in the DIB coder

When ImageMagick parses the malicious image, arithmetic in the DIB coder can overflow and collapse bounds assumptions, enabling out-of-bounds read or write. The concrete impact is memory corruption in the ImageMagick process handling the file.

Conditions required:

A vulnerable ImageMagick build is present
The code path must parse the attacker-controlled DIB fields
Runtime hardening must not prevent the process from reaching the flawed operation

Where this breaks in practice:

CVSS marks AC:H, which is consistent with parser-state and file-layout constraints
ASLR, PIE, hardened allocators, seccomp, containers, and service isolation raise the bar from crash to reliable code execution
Many modern deployments run image workers in short-lived containers with low privileges

Detection/coverage: Crash telemetry, core dumps, sanitizer logs in pre-prod, and EDR child-process anomaly detection are more useful than perimeter scanning.

STEP 04

Convert corruption into impact

The most probable enterprise outcome is process crash or worker instability; stronger outcomes like data exposure or code execution depend on allocator behavior, memory layout, and surrounding app privileges. The attacker's effective tool at this stage is memory-corruption tradecraft, not an off-the-shelf exploit module.

Conditions required:

The vulnerable worker has access to useful data or a meaningful privilege context
The attacker can turn the corruption into controlled read/write or repeated denial of service

Where this breaks in practice:

Reliable RCE is unproven in public reporting for this CVE
If the worker runs unprivileged and isolated, blast radius stays local to one service or job
One-shot crashes are noisy and often auto-restarted

Detection/coverage: EDR should catch post-crash follow-on behavior, while service monitoring should catch repeated converter crashes or spikes in failed image jobs.

03 · Intelligence Metadata

The supporting signals.

In-the-wild status	No public exploitation evidence found in the sources reviewed, and not listed in the CISA KEV catalog.
Proof-of-concept availability	No public weaponized PoC located in open-source searches for `CVE-2026-28693`; the upstream GHSA is terse and does not publish an exploit.
EPSS	User-supplied EPSS is 0.00067 (0.067%), which is very low; a secondary aggregator reflecting FIRST data shows roughly P20 for this CVE. Treat that as downward pressure on urgency, not proof of safety.
KEV status	No. The CISA KEV catalog source reviewed contains no entry for `CVE-2026-28693`.
CVSS vector reality check	`CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H` looks scary, but `AV:N` is only real if an exposed workflow automatically feeds attacker files into ImageMagick. In most fleets that means conditional remote reachability, not a directly exposed service.
Affected versions	Upstream affected ranges are ImageMagick `< 7.1.2-16` and ImageMagick 6 `< 6.9.13-41` per GHSA and NVD.
Fixed versions	Upstream fixes are 7.1.2-16 and 6.9.13-41. Debian tracks backports including bullseye `8:6.9.11.60+dfsg-1.3+deb11u11`, bookworm `8:6.9.11.60+dfsg-1.6+deb12u8`, trixie `8:7.1.1.43+dfsg1-1+deb13u7`, and unstable `8:7.1.2.16+dfsg1-1`; SUSE and Amazon Linux also show fixed downstream packages.
Scanning / exposure data	Inference: internet-wide scanners like Shodan/Censys/GreyNoise are poor fit here because ImageMagick is usually a library/CLI behind another app, not a fingerprintable daemon. Your exposure inventory should come from SBOMs, package inventories, container images, and application dependency maps instead.
Disclosure timeline	GitHub published the advisory on 2026-03-09; NVD shows publication on 2026-03-10 and NIST enrichment activity on 2026-03-11.
Reporter / credit	The GHSA credits `jakelodwick` as remediation developer; no separate external researcher write-up was found in the reviewed public sources.

04 · The Call

noisgate verdict.

Final Verdict

↓ DOWNGRADED to MEDIUM (6.0/10)

The decisive factor is exposure gating: this bug is dangerous only where attacker-controlled images reliably reach ImageMagick's DIB parser, which is a much smaller population than the raw AV:N label implies. With no KEV entry, no public exploitation evidence, no public PoC, and AC:H, this looks like a real parser bug but not a fleet-wide fire drill.

HIGH Affected upstream version ranges and fixed versions

MEDIUM Real-world exploitability assessment for common enterprise deployments

MEDIUM Absence of public exploitation / PoC in reviewed sources

Why this verdict

Exposure is conditional, not universal: start from vendor 8.1 HIGH, then subtract because ImageMagick is usually reached only through a file-processing workflow, not a native internet-facing service.
Attack complexity is already high: the CNA vector includes AC:H, and there is no public exploit tooling to flatten that complexity for commodity attackers.
Threat intel is cold: no CISA KEV listing, very low EPSS, and no public exploitation evidence found, so there is no signal that attackers are prioritizing this issue at scale.

Why not higher?

There is no current evidence that this CVE is being exploited in the wild, and no public PoC was found that would let low-skill actors operationalize it quickly. More importantly, most enterprises are not directly exposing a raw ImageMagick parser to the internet; they expose applications that may or may not pass attacker files into this code path.

Why not lower?

This is still memory corruption in a very common image-processing component, and many enterprises do have auto-processing upload paths where untrusted content is normalized without human review. If you run externally reachable media pipelines, mail sanitizers, or conversion workers, the reachable population inside your environment can be meaningful even if the global internet-facing population is not.

05 · Compensating Control

What to do — in priority order.

Block or de-prioritize DIB/BMP-family ingestion where possible — If your business does not require DIB/BMP uploads, reject them at the application layer, reverse proxy, mail gateway, and object-ingest APIs. For a MEDIUM verdict there is no mitigation SLA; use this immediately only on exposed workflows that cannot be patched soon.
Constrain ImageMagick worker privileges — Run conversion workers as non-root in containers or sandboxes with tight filesystem, process, and network permissions so a parser crash or memory-corruption event has limited blast radius. For MEDIUM, there is no mitigation SLA — go straight to the remediation window, but keep this in place as durable hardening.
Enforce format allowlists before ImageMagick — Validate MIME type and magic bytes with a pre-parser and route only approved formats into ImageMagick. This cuts off oddball or malformed containers before the vulnerable DIB coder ever runs; deploy where patch lag exists, even though MEDIUM has no formal mitigation deadline.
Monitor converter crash telemetry — Alert on repeated magick/convert crashes, container restarts, and failed image-processing jobs. This will not prevent exploitation, but it gives you fast signal if someone is probing the parser while you work through the 365-day remediation window.

What doesn't work

WAF rules alone: a WAF cannot see parser-state bugs once the application accepts and forwards an image blob to a backend worker.
MFA: there is no authentication bypass here; MFA does nothing if the vulnerable path is an anonymous upload or inbound file-processing workflow.
Network perimeter scanning: this is usually not a bannered service, so generic exposure scans miss the actual risk concentration inside application pipelines.

06 · Verification

Crowdsourced verification payload.

Run this on the target Linux host or container image that has ImageMagick installed. Invoke it as bash check-cve-2026-28693.sh; no root is required for binary checks, but package-manager queries may work more reliably with local shell access to the host image.

noisgate-verify.sh

BASHREAD-ONLYSAFE

#!/usr/bin/env bash
# check-cve-2026-28693.sh
# Determine likely exposure to CVE-2026-28693 on Linux hosts.
# Outputs one of: VULNERABLE / PATCHED / UNKNOWN
# Exit codes: 0=PATCHED, 1=VULNERABLE, 2=UNKNOWN

set -u

have_cmd() { command -v "$1" >/dev/null 2>&1; }
ver_ge() {
  # returns 0 if $1 >= $2 using version sort
  [ "$(printf '%s\n%s\n' "$2" "$1" | sort -V | head -n1)" = "$2" ]
}

upstream_version=""
if have_cmd magick; then
  upstream_version=$(magick -version 2>/dev/null | awk 'NR==1{print $3}')
elif have_cmd convert; then
  upstream_version=$(convert -version 2>/dev/null | awk 'NR==1{print $3}')
fi

# Upstream safe thresholds from GHSA/NVD
if [ -n "$upstream_version" ]; then
  if [[ "$upstream_version" =~ ^7\. ]]; then
    if ver_ge "$upstream_version" "7.1.2-16"; then
      echo "PATCHED"
      exit 0
    else
      echo "VULNERABLE"
      exit 1
    fi
  elif [[ "$upstream_version" =~ ^6\. ]]; then
    if ver_ge "$upstream_version" "6.9.13-41"; then
      echo "PATCHED"
      exit 0
    else
      echo "VULNERABLE"
      exit 1
    fi
  fi
fi

# Debian/Ubuntu backport awareness
if have_cmd dpkg-query; then
  pkgver=$(dpkg-query -W -f='${Version}\n' imagemagick 2>/dev/null | head -n1)
  if [ -n "$pkgver" ]; then
    if have_cmd dpkg && dpkg --compare-versions "$pkgver" ge "8:7.1.2.16+dfsg1-1"; then
      echo "PATCHED"
      exit 0
    fi
    if have_cmd dpkg && dpkg --compare-versions "$pkgver" ge "8:7.1.1.43+dfsg1-1+deb13u7"; then
      echo "PATCHED"
      exit 0
    fi
    if have_cmd dpkg && dpkg --compare-versions "$pkgver" ge "8:6.9.11.60+dfsg-1.6+deb12u8"; then
      echo "PATCHED"
      exit 0
    fi
    if have_cmd dpkg && dpkg --compare-versions "$pkgver" ge "8:6.9.11.60+dfsg-1.3+deb11u11"; then
      echo "PATCHED"
      exit 0
    fi
    echo "UNKNOWN"
    exit 2
  fi
fi

# RPM-based systems: package versions vary by backport policy.
# If we can only see package presence without a trusted mapping, be conservative.
if have_cmd rpm; then
  if rpm -q ImageMagick >/dev/null 2>&1 || rpm -q imagemagick >/dev/null 2>&1; then
    echo "UNKNOWN"
    exit 2
  fi
fi

echo "UNKNOWN"
exit 2

07 · Bottom Line

If you remember one thing.

TL;DR

Monday morning, query your fleet for ImageMagick in internet-reachable upload, thumbnailing, mail, and document-conversion paths first, then patch those instances before treating the rest as routine library hygiene. For this MEDIUM reassessment there is no noisgate mitigation SLA — go straight to the 365-day remediation window; use temporary format blocking or worker isolation only where patch lag is unavoidable, and complete vendor patching inside the noisgate remediation SLA of ≤365 days.

Sources

Peer Review

What defenders are saying.

Submit a review attribution: handle + country only

0 flags selected · stored anonymously

Validation Results

Crowdsourced verification outputs.

Results submitted by users who ran the verification payload against their environment.