CVE-2026-45664

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, because of a missing check in the MNG coder it would be possible to read more images than the list limit policy would allow resulting in excessive resource use. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.

How to fix CVE-2026-45664

To remediate CVE-2026-45664, upgrade the affected package to a fixed version below.

Debian/imagemagick—no fix listed
—upgrade to 14.13.1 or later
—upgrade to 14.13.1 or later
—upgrade to 14.13.1 or later
—upgrade to 14.13.1 or later
—upgrade to 14.13.1 or later
—upgrade to 14.13.1 or later
—upgrade to 14.13.1 or later
—upgrade to 14.13.1 or later
—upgrade to 14.13.1 or later
—upgrade to 14.13.1 or later
—upgrade to 14.13.1 or later
—upgrade to 14.13.1 or later
—upgrade to 14.13.1 or later
—upgrade to 14.13.1 or later
—upgrade to 14.13.1 or later
—upgrade to 14.13.1 or later
—upgrade to 14.13.1 or later
—upgrade to 14.13.1 or later

Is CVE-2026-45664 being exploited?

No exploitation signal available. Neither CISA KEV nor a current EPSS score has been published for CVE-2026-45664.

Affected packages (19)

from 0
from 0, < 14.13.1
from 0, < 14.13.1
from 0, < 14.13.1
from 0, < 14.13.1
from 0, < 14.13.1
from 0, < 14.13.1
from 0, < 14.13.1
from 0, < 14.13.1
from 0, < 14.13.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L