Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2026-26066

Опубликовано: 24 фев. 2026
Источник: redhat
CVSS3: 6.2
EPSS Низкий

Описание

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile contain invalid IPTC data may cause an infinite loop when writing it with IPTCTEXT. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

A flaw was found in ImageMagick. A local attacker could provide a crafted image profile containing invalid IPTC (International Press Telecommunications Council) data. When ImageMagick attempts to write this data using the IPTCTEXT function, it may lead to an infinite loop, resulting in a Denial of Service (DoS) for the application.

Отчет

This MODERATE impact flaw in ImageMagick can lead to a denial of service. A crafted profile containing invalid IPTC data may cause an infinite loop when ImageMagick attempts to write it with IPTCTEXT. Red Hat Enterprise Linux systems utilizing ImageMagick to process untrusted image files are affected.

Меры по смягчению последствий

To mitigate this issue, restrict ImageMagick's processing of untrusted image files. If ImageMagick is used in an automated or server-side context, consider implementing sandboxing mechanisms to limit the resources available to the ImageMagick process when handling external input. This can help contain the impact of a denial of service.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6ImageMagickOut of support scope
Red Hat Enterprise Linux 7ImageMagickOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-835
https://bugzilla.redhat.com/show_bug.cgi?id=2442142ImageMagick: ImageMagick: Denial of Service via crafted IPTC data

EPSS

Процентиль: 4%
0.00017
Низкий

6.2 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2026-26066

CVSS3: 6.2
ubuntu
около 1 месяца назад

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile contain invalid IPTC data may cause an infinite loop when writing it with `IPTCTEXT`. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

nvd логотип

CVE-2026-26066

CVSS3: 6.2
nvd
около 1 месяца назад

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile contain invalid IPTC data may cause an infinite loop when writing it with `IPTCTEXT`. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

debian логотип

CVE-2026-26066

CVSS3: 6.2
debian
около 1 месяца назад

ImageMagick is free and open-source software used for editing and mani ...

github логотип

GHSA-v994-63cg-9wj3

CVSS3: 6.2
github
около 1 месяца назад

ImageMagick has infinite loop when writing IPTCTEXT leads to denial of service via crafted profile

suse-cvrf логотип

SUSE-SU-2026:0854-1

suse-cvrf
19 дней назад

Security update for ImageMagick

EPSS

Процентиль: 4%
0.00017
Низкий

6.2 Medium

CVSS3