exploitDog

CVE-2026-25971

Published: 24 Feb 2026
Source: redhat
CVSS3: 6.2
EPSS: Low

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs, leading to a stack overflow. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

A flaw was found in ImageMagick, a free and open-source software for editing and manipulating digital images. This vulnerability occurs because ImageMagick fails to check for circular references between two Magick Scripting Language (MSL) files. A remote attacker could exploit this by providing specially crafted MSL files, leading to a stack overflow and ultimately a Denial of Service (DoS) condition, making the software unavailable.

Report

This MODERATE impact vulnerability in ImageMagick arises from a stack overflow when processing maliciously crafted MSL files containing circular references. Red Hat Enterprise Linux and Community Projects are affected where ImageMagick is used to process untrusted image or script files.

Mitigation

To mitigate this issue, avoid processing untrusted or maliciously crafted MSL (Magick Scripting Language) files with ImageMagick. Implement strict input validation and sanitization for any ImageMagick operations that handle external or user-supplied content.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | | |
| Red Hat Enterprise Linux 7 | ImageMagick | Out of support scope | | |

Additional information

Status: Moderate
Defect: CWE-606
https://bugzilla.redhat.com/show_bug.cgi?id=2442117 ImageMagick: ImageMagick: Denial of Service via circular references in MSL files

EPSS

Percentile: 12%
0.00039
Low

CVSS3: 6.2 Medium

Related vulnerabilities

CVSS3: 6.2
ubuntu
about 1 month ago

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs, leading to a stack overflow. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

CVSS3: 6.2
nvd
about 1 month ago

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs, leading to a stack overflow. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

CVSS3: 6.2
debian
about 1 month ago

ImageMagick is free and open-source software used for editing and mani ...

CVSS3: 6.2
github
16 days ago

ImageMagick: MSL - Stack overflow in ProcessMSLScript

suse-cvrf
19 days ago

Security update for ImageMagick
