CVE-2026-26283

Published: 24 Feb 2026
Source: redhat
CVSS3: 6.2
EPSS: Low

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a continue statement in the JPEG extent binary search loop in the jpeg encoder causes an infinite loop when writing persistently fails. An attacker can trigger a 100% CPU consumption and process hang (Denial of Service) with a crafted image. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

A flaw was found in ImageMagick. An attacker can exploit this vulnerability by providing a specially crafted image. This crafted image can trigger an infinite loop within the JPEG encoder, causing the software to consume 100% of the CPU and become unresponsive. This leads to a Denial of Service (DoS), preventing legitimate users from accessing the image processing functionality.

Report

This MODERATE impact denial of service flaw in ImageMagick can be triggered by processing a specially crafted image, leading to an infinite loop and 100% CPU consumption. Red Hat Enterprise Linux 6 and 7, along with Fedora and EPEL, are affected by this vulnerability. Exploitation requires an attacker to provide a malicious image file to a system utilizing ImageMagick for image processing.

Mitigation

To mitigate this issue, avoid processing untrusted JPEG images with ImageMagick. If ImageMagick is deployed in a service context, consider implementing sandboxing mechanisms or restricting access to trusted sources to limit potential exposure.
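
One way to restrict a service-side conversion as suggested above, as an added example (not Red Hat's or ImageMagick's code): a Python wrapper that caps both CPU time and wall-clock time for the converter process, so an encoder stuck in a loop is killed instead of pinning a core. The function name, the limit values and the file names are assumptions; the sample commands are constructed stand-ins so the block runs without ImageMagick installed.

```python
import resource
import signal
import subprocess
import sys


def run_with_limits(argv, cpu_seconds=10, wall_seconds=30):
    """Run argv under a CPU-time rlimit and a wall-clock timeout (POSIX only).

    Returns (status, returncode); status is one of
    "ok", "failed", "cpu-limit", "wall-timeout".
    """
    def set_limits():
        # Runs in the child before exec. The kernel sends SIGXCPU when the
        # soft limit is reached and SIGKILL at the hard limit.
        resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds + 1))

    try:
        proc = subprocess.run(argv, preexec_fn=set_limits, timeout=wall_seconds,
                              stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    except subprocess.TimeoutExpired:
        # subprocess.run() has already killed the child at this point.
        return "wall-timeout", None
    if proc.returncode in (-signal.SIGXCPU, -signal.SIGKILL):
        return "cpu-limit", proc.returncode
    return ("ok" if proc.returncode == 0 else "failed"), proc.returncode


# Constructed stand-ins for a converter: one spins on the CPU, one blocks
# without using CPU, one exits cleanly.
SPIN = [sys.executable, "-c", "while True: pass"]
SLEEP = [sys.executable, "-c", "import time; time.sleep(30)"]
QUICK = [sys.executable, "-c", "pass"]

if __name__ == "__main__":
    print(run_with_limits(SPIN, cpu_seconds=1, wall_seconds=20))
    print(run_with_limits(SLEEP, cpu_seconds=5, wall_seconds=1))
    # In a service the call would look like this (placeholder file names):
    # run_with_limits(["magick", "upload.png", "out.jpg"])
```

A "cpu-limit" or "wall-timeout" result is worth logging together with the input file, since it marks an image that made the converter hang.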

Affected packages

Platform | Package | State | Recommendation | Release
Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | |
Red Hat Enterprise Linux 7 | ImageMagick | Out of support scope | |

Additional information

Status: Moderate
Defect: CWE-835
https://bugzilla.redhat.com/show_bug.cgi?id=2442140 ImageMagick: ImageMagick: Denial of Service via crafted image leading to an infinite loop

EPSS

Percentile: 12%
0.00041
Low

CVSS3: 6.2 Medium

Related vulnerabilities

CVSS3: 6.2
ubuntu
about 1 month ago

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a `continue` statement in the JPEG extent binary search loop in the jpeg encoder causes an infinite loop when writing persistently fails. An attacker can trigger a 100% CPU consumption and process hang (Denial of Service) with a crafted image. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

CVSS3: 6.2
nvd
about 1 month ago

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a `continue` statement in the JPEG extent binary search loop in the jpeg encoder causes an infinite loop when writing persistently fails. An attacker can trigger a 100% CPU consumption and process hang (Denial of Service) with a crafted image. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

CVSS3: 6.2
debian
about 1 month ago

ImageMagick is free and open-source software used for editing and mani ...

CVSS3: 6.2
github
about 1 month ago

ImageMagick has a possible infinite loop in its JPEG encoder when using `jpeg:extent`

suse-cvrf
19 days ago

Security update for ImageMagick
