CVE-2026-28493: ImageMagick has Integer Overflow leading to out of bounds write in SIXEL decoder

March 12, 2026

An integer overflow vulnerability exists in the SIXEL decoer. The vulnerability allows an attacker to perform an out of bounds via a specially crafted mage.

References

github.com/ImageMagick/ImageMagick
github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r39q-jr8h-gcq2
github.com/advisories/GHSA-r39q-jr8h-gcq2
github.com/dlemstra/Magick.NET/releases/tag/14.10.4
nvd.nist.gov/vuln/detail/CVE-2026-28493

Code Behaviors & Features

Detect and mitigate CVE-2026-28493 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →