CVE-2026-32259

Отчет

To exploit this issue, an attacker needs to convince a user to process a specially crafted file that makes ImageMagick use the sixel encoder. Default Red Hat Enterprise Linux security features, including SELinux enforcement, Address Space Layout Randomization (ASLR) and NX (No-Execute) stack protection, significantly increase the difficulty of achieving arbitrary code execution, limiting the impact of this vulnerability to a denial of service. Due to these reasons, this vulnerability has been rated with a moderate severity.

Меры по смягчению последствий

To mitigate this vulnerability, disable the vulnerable encoder by adding the following line to the ImageMagick policy.xml file, typically located in the directory /etc/ImageMagick-7/, /etc/ImageMagick-6/ or /etc/ImageMagick/:

To reduce the risk of exploitation, avoid processing sixel files from untrusted sources. If ImageMagick is deployed in a way that it processes files from untrusted sources automatically, consider running the application inside a container or a restricted sandbox environment to limit the potential security impact.