Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2026-24485

Опубликовано: 24 фев. 2026
Источник: nvd
CVSS3: 7.5
EPSS Низкий

Описание

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the Sync marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
Версия до 6.9.13-40 (исключая)
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
Версия от 7.0.0-0 (включая) до 7.1.2-15 (исключая)
Конфигурация 2
cpe:2.3:a:dlemstra:magick.net:*:*:*:*:*:*:*:*
Версия до 14.10.3 (исключая)

EPSS

Процентиль: 16%
0.00052
Низкий

7.5 High

CVSS3

Дефекты

CWE-400

Связанные уязвимости

ubuntu логотип

CVE-2026-24485

CVSS3: 7.5
ubuntu
около 1 месяца назад

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the Sync marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

redhat логотип

CVE-2026-24485

CVSS3: 7.5
redhat
около 1 месяца назад

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the Sync marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

debian логотип

CVE-2026-24485

CVSS3: 7.5
debian
около 1 месяца назад

ImageMagick is free and open-source software used for editing and mani ...

github логотип

GHSA-pqgj-2p96-rx85

CVSS3: 7.5
github
около 1 месяца назад

ImageMagick: Infinite loop vulnerability when parsing a PCD file

suse-cvrf логотип

SUSE-SU-2026:0854-1

suse-cvrf
19 дней назад

Security update for ImageMagick

EPSS

Процентиль: 16%
0.00052
Низкий

7.5 High

CVSS3

Дефекты

CWE-400