CVE-2026-22770

6.5 MEDIUM

📋 TL;DR

ImageMagick versions before 7.1.2-13 contain a memory corruption vulnerability in the BilateralBlurImage method. When memory allocation fails, an uninitialized pointer is released, potentially causing crashes or arbitrary code execution. Anyone using vulnerable ImageMagick versions for image processing is affected.

💻 Affected Systems

Products:
  • ImageMagick
Versions: All versions prior to 7.1.2-13
Operating Systems: All platforms running ImageMagick (Linux, Windows, macOS, etc.)
Default Config Vulnerable: ⚠️ Yes
Notes: Any application or service using ImageMagick for image processing is vulnerable when handling image files.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise if ImageMagick processes untrusted images from external sources.

🟠 Likely Case: Application crashes (denial of service) when processing malformed images, potentially disrupting image processing services.

🟢 If Mitigated: Limited impact with proper sandboxing and input validation, potentially just crashes in isolated processes.

🌐 Internet-Facing: MEDIUM - Risk exists if web applications process user-uploaded images with vulnerable ImageMagick, but requires specific malformed image input.
🏢 Internal Only: LOW - Internal systems typically process trusted images, reducing exploitation likelihood.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a specific malformed image that triggers the memory allocation failure condition.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.1.2-13 and later

Vendor Advisory: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-39h3-g67r-7g3c

Restart Required: No

Instructions:

1. Check current version: magick --version
2. Update via package manager: sudo apt update && sudo apt upgrade imagemagick (Debian/Ubuntu) or sudo yum update imagemagick (RHEL/CentOS)
3. For source installations: Download latest from https://imagemagick.org and compile
4. Verify update: magick --version should show 7.1.2-13 or higher

🔧 Temporary Workarounds

Disable BilateralBlur filter (platform: linux)

Remove or disable the BilateralBlurImage functionality via policy.xml. Edit /etc/ImageMagick-7/policy.xml and add: <policy domain="coder" rights="none" pattern="BILATERALBLUR" />

Sandbox ImageMagick (platform: all)

Run ImageMagick in a restricted environment with limited permissions. Use Docker containers with minimal privileges: docker run --read-only --cap-drop=ALL -v /tmp:/tmp:ro imagemagick

🧯 If You Can't Patch

  • Implement strict input validation for image uploads, rejecting suspicious files
  • Deploy web application firewall (WAF) rules to block malformed image uploads

🔍 How to Verify

Check if Vulnerable:

Run: magick --version | grep -E 'Version: ImageMagick [0-9]+\.[0-9]+\.[0-9]+-[0-9]+' and compare the reported version with 7.1.2-13; anything below it is vulnerable.

Check Version:

magick --version | grep 'Version:'

Verify Fix Applied:

Confirm version is 7.1.2-13 or higher with: magick --version
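The version check above, carried out as a script. This is an added example and not code from the advisory or from the ImageMagick project. It assumes the banner that `magick --version` prints begins with `Version: ImageMagick <major>.<minor>.<patch>-<release> ...`, extracts that version and compares it field by field as numbers against 7.1.2-13; a plain string comparison gets this wrong because `7.1.2-9` sorts after `7.1.2-13`. The banners in the demo loop are constructed, and `im_check_installed` is the only part that touches the local binary.

```shell
#!/bin/sh
# Added example, not from the advisory or the ImageMagick project.
# Parses the banner printed by `magick --version` and compares the version
# numerically against the first fixed release named in the advisory.
# Assumption: the banner's first line looks like
#   Version: ImageMagick <major>.<minor>.<patch>-<release> ...

FIXED_VERSION="7.1.2-13"

# im_version_cmp A B -> prints -1, 0 or 1 as A is older than, equal to or newer than B.
# Each of major.minor.patch-release is compared as a number; a missing "-release" counts as 0.
im_version_cmp() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
    for (i = 1; i <= 4; i++) {
      xa = (i <= na) ? x[i] + 0 : 0
      yb = (i <= nb) ? y[i] + 0 : 0
      if (xa < yb) { print "-1"; exit }
      if (xa > yb) { print "1"; exit }
    }
    print "0"
  }'
}

# im_status BANNER -> prints VULNERABLE, FIXED or UNKNOWN (exit status 2 when
# no version could be parsed from the banner text)
im_status() {
  ver=$(printf '%s\n' "$1" | sed -n 's/^Version: ImageMagick \([0-9][0-9.]*-[0-9][0-9]*\).*/\1/p' | head -n 1)
  if [ -z "$ver" ]; then
    echo UNKNOWN
    return 2
  fi
  if [ "$(im_version_cmp "$ver" "$FIXED_VERSION")" -lt 0 ]; then
    echo VULNERABLE
  else
    echo FIXED
  fi
}

# im_check_installed -> runs the check against the binary on this host,
# falling back to the ImageMagick 6 `convert` name when `magick` is absent
im_check_installed() {
  if command -v magick >/dev/null 2>&1; then
    im_status "$(magick --version)"
  elif command -v convert >/dev/null 2>&1; then
    im_status "$(convert --version)"
  else
    echo UNKNOWN
    return 2
  fi
}

# Offline demo over constructed banners (not captured from real hosts).
# 7.1.2-9 must come out as VULNERABLE even though it sorts after 7.1.2-13 as a string.
for banner in \
  "Version: ImageMagick 7.1.1-15 Q16-HDRI x86_64 https://imagemagick.org" \
  "Version: ImageMagick 7.1.2-9 Q16-HDRI x86_64 https://imagemagick.org" \
  "Version: ImageMagick 7.1.2-13 Q16-HDRI x86_64 https://imagemagick.org" \
  "Version: ImageMagick 7.1.3-1 Q16-HDRI x86_64 https://imagemagick.org"
do
  printf '%-10s %s\n' "$(im_status "$banner")" "$banner"
done
```

On a real host, call `im_check_installed` instead of the demo loop; on a fleet, run it over SSH and collect the one-word status per host. UNKNOWN means the banner did not parse (or no binary was found) and should be investigated rather than treated as fixed.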

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault or crash logs from ImageMagick processes
  • Error messages mentioning 'BilateralBlurImage' or memory allocation failures

Network Indicators:

  • Unusual image upload patterns to web applications
  • Multiple failed image processing requests

SIEM Query:

source="*imagemagick*" AND ("segmentation fault" OR "SIGSEGV" OR "memory corruption")
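The log indicators above, applied offline to a handful of sample lines. This is an added example, not part of the advisory or of any SIEM product. The sample lines are constructed in syslog style and are not captured from a real host; the service name `thumbnailer` is an assumption standing in for whatever process on your host invokes ImageMagick, and the process-name filter should be edited to match it. The first grep restricts to ImageMagick-related process and library names so that generic segfault lines from unrelated daemons do not count, and the second matches the crash and allocation-failure signatures.

```shell
#!/bin/sh
# Added example, not from the advisory: runs the log indicators listed above
# over constructed sample lines and reports the matches.
# Assumption: syslog-style lines; "thumbnailer" stands in for whatever service
# on your host invokes ImageMagick and should be replaced with its real name.

# Process, library and service names that identify ImageMagick activity
IM_PROCESS_RE='magick|convert|mogrify|libMagick|thumbnailer'
# Crash and allocation-failure signatures: kernel segfault lines, a systemd
# SIGSEGV exit status, ImageMagick's own "memory allocation failed" exception
# text, and the name of the vulnerable function
IM_CRASH_RE='segfault|SIGSEGV|status=11/SEGV|memory corruption|memory allocation failed|BilateralBlurImage'

# im_crash_hits: filter stdin to lines that match both patterns
im_crash_hits() {
  grep -Ei "$IM_PROCESS_RE" | grep -Ei "$IM_CRASH_RE"
}

# im_crash_count: number of matching lines on stdin
im_crash_count() {
  im_crash_hits | wc -l | tr -d ' '
}

# Constructed sample log (not captured from a real host); the module/function
# fields in the ImageMagick error line are placeholders
sample_log() {
  cat <<'EOF'
Jan 10 10:01:02 web1 kernel: magick[2231]: segfault at 0 ip 00007f3a1c0c4e10 sp 00007ffd0a3f7a90 error 4 in libMagickCore-7.Q16HDRI.so.10
Jan 10 10:01:03 web1 thumbnailer[1999]: magick: memory allocation failed `upload.png' @ error/<module>/<function>/<line>
Jan 10 10:01:05 web1 sshd[2300]: Accepted publickey for deploy from 10.0.0.5 port 51422
Jan 10 10:02:11 web1 thumbnailer[1999]: resized upload.jpg to 320x200
Jan 10 10:02:40 web1 systemd[1]: thumbnailer.service: Main process exited, code=killed, status=11/SEGV
EOF
}

echo "matching lines: $(sample_log | im_crash_count)"
sample_log | im_crash_hits
```

Expect the kernel segfault line, the allocation-failure line and the systemd SIGSEGV line to match, and the sshd and successful-resize lines to be dropped. `convert` is an ordinary English word, so on hosts where it is not the ImageMagick binary name remove it from `IM_PROCESS_RE` to keep false positives down, and feed the script from `journalctl -o short` or the syslog file rather than from `sample_log`.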

🔗 References
