← volver
CVE-2026-56379

ImageMagick - Command Injection via SVG Decoder

CVSS 0 NONEEPSS 0.8%CWE-116
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbitrary MVG drawing commands. Attackers can craft malicious SVG files with injected Magick Vector Graphics commands that execute during rendering.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N
Productos afectados
ImageMagick · ImageMagick

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xpg8-7m6m-jf56https://www.vulncheck.com/advisories/imagemagick-command-injection-via-svg-decoder