exploitDog

CVE-2026-24484

Published: 24 Feb 2026
Source: redhat
CVSS3: 5.3

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

A flaw was found in ImageMagick, a free and open-source software used for editing and manipulating digital images. A remote attacker could exploit this vulnerability by providing a specially crafted image file with multi-layer nested MVG (Magick Vector Graphics) conversions to SVG (Scalable Vector Graphics). This improper handling of conversions can lead to a Denial of Service (DoS), making the software unavailable to legitimate users.

Report

This MODERATE impact denial of service vulnerability in ImageMagick affects Red Hat Enterprise Linux 6 ELS and 7 ELS, as well as Fedora and EPEL. The flaw occurs when converting multi-layer nested MVG files to SVG, where ImageMagick fails to properly validate the input, leading to resource exhaustion. Systems processing untrusted MVG files are susceptible to this issue.

Mitigation

Since this vulnerability involves processing untrusted image files, it is recommended to avoid converting multi-layer nested MVG files from untrusted sources to SVG format. Implement strict input validation and sanitization for any image files processed by ImageMagick. Additionally, consider running ImageMagick in a sandboxed environment to limit potential impact.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | | |
| Red Hat Enterprise Linux 7 | ImageMagick | Out of support scope | | |

Additional information

Status: Moderate
Defect: CWE-1284
https://bugzilla.redhat.com/show_bug.cgi?id=2442085
ImageMagick: ImageMagick: Denial of Service vulnerability via multi-layer nested MVG to SVG conversion

CVSS3: 5.3 Medium

Related vulnerabilities

CVSS3: 5.3
ubuntu
about 1 month ago

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

CVSS3: 5.3
nvd
about 1 month ago

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

CVSS3: 5.3
debian
about 1 month ago

ImageMagick is free and open-source software used for editing and mani ...

suse-cvrf
17 days ago

Security update for ImageMagick

CVSS3: 5.3
github
about 1 month ago

ImageMagick: Converting multi-layer nested MVG to SVG can cause DoS