ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 and 6.9.13-44, contain a heap out-of-bounds write in the JP2 encoder with when a user specifies an invalid sampling index. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.
{
"cwe_ids": [
"CWE-122",
"CWE-787"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/40xxx/CVE-2026-40310.json",
"cna_assigner": "GitHub_M",
"unresolved_ranges": [
{
"extracted_events": [
{
"fixed": "6.9.13-44"
}
],
"source": "AFFECTED_FIELD"
}
]
}{
"source": "REFERENCES"
}{
"cpe": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "7.0.0-0"
},
{
"fixed": "7.1.2-19"
}
],
"source": [
"CPE_RANGE",
"REFERENCES"
]
}{
"cpe": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "6.9.13-44"
}
],
"source": "CPE_RANGE"
}[
{
"source": "https://github.com/imagemagick/imagemagick/commit/3d653bea2df085c728a1c8f775808e1e9249dff9",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "285232216680049662319418833360611212124",
"length": 8181.0
},
"deprecated": false,
"id": "CVE-2026-40310-751b6d92",
"target": {
"function": "WriteJP2Image",
"file": "coders/jp2.c"
}
},
{
"source": "https://github.com/imagemagick/imagemagick/commit/3d653bea2df085c728a1c8f775808e1e9249dff9",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"4872456635868711982839511503761333493",
"311128181952692588347932227403711985089",
"130016504962519058459388484635303607035",
"190781299929751313047006758015912686207",
"185636127424962073377923790015698426958",
"6306646952726231299152036982053160026",
"39451595654527716453384862530539583570"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2026-40310-a5b93ea9",
"target": {
"file": "coders/jp2.c"
}
}
]
"2026-07-15T15:20:06Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-40310.json"