PT-2026-21587 · Unknown · Imagemagick

Ylwango613 · Published 2026-02-24 · Updated 2026-05-11 · CVE-2026-24485

CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

ImageMagick versions prior to 7.1.2-15
ImageMagick versions prior to 6.9.13-40

Description

ImageMagick is software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted PCD file lacking a valid Sync marker causes the DecodeImage() function to enter an infinite loop while searching for the marker. This results in the program becoming unresponsive and consuming CPU resources, potentially leading to system resource exhaustion and a denial of service.

Recommendations

Update to ImageMagick version 7.1.2-15 or later.
Update to ImageMagick version 6.9.13-40 or later.
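
Added example (not part of the original advisory or of ImageMagick): a check that compares the version banner printed by `magick -version` against the fixed release for its branch. The sample banners are constructed, and the handling of major versions other than 6 and 7 is an assumption.

```python
import re
import sys

# Fixed releases named in the advisory, keyed by major version (release branch).
FIXED = {7: (7, 1, 2, 15), 6: (6, 9, 13, 40)}

# "ImageMagick X.Y.Z-P" as printed on the first line of `magick -version`.
VERSION_RE = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(banner):
    """Return (major, minor, micro, patch) as integers from a version banner."""
    match = VERSION_RE.search(banner)
    if match is None:
        raise ValueError("no ImageMagick version found in: %r" % banner)
    return tuple(int(part) for part in match.groups())


def is_affected(banner):
    """True if the banner's version is prior to the fixed release for its branch."""
    version = parse_version(banner)
    fixed = FIXED.get(version[0])
    if fixed is not None:
        # Integer tuples compare numerically, so 7.1.10-0 sorts after 7.1.2-15.
        return version < fixed
    # Assumption: majors older than the listed branches count as "prior to"
    # the fixed releases; newer majors are treated as not affected.
    return version[0] < min(FIXED)


# Constructed sample banners (not captured from a real host).
SAMPLES = [
    "Version: ImageMagick 7.1.2-14 Q16-HDRI x86_64 https://imagemagick.org",
    "Version: ImageMagick 7.1.2-15 Q16-HDRI x86_64 https://imagemagick.org",
    "Version: ImageMagick 6.9.13-39 Q16 x86_64 https://legacy.imagemagick.org",
    "Version: ImageMagick 6.9.13-40 Q16 x86_64 https://legacy.imagemagick.org",
]

if __name__ == "__main__":
    # Piped input: check the first line of `magick -version`; otherwise the samples.
    banners = SAMPLES if sys.stdin.isatty() else [sys.stdin.readline()]
    for banner in banners:
        state = "AFFECTED" if is_affected(banner) else "fixed"
        print("%-8s %s" % (state, ".".join(map(str, parse_version(banner)))))
```

Distribution packages often backport fixes without changing the upstream version number, so on a distro-packaged install confirm against the vendor advisory listed under Related Identifiers rather than relying on this comparison alone.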

Exploit · Fix · DoS · Resource Exhaustion

Related Identifiers

CVE-2026-24485
ECHO-8502-3F7F-E2B6
GHSA-PQGJ-2P96-RX85
OESA-2026-1452
OESA-2026-1453
OESA-2026-1454
OESA-2026-1455
OESA-2026-1456
OESA-2026-1457
OPENSUSE-SU-2026:10267-1
OPENSUSE-SU-2026:20337-1
SUSE-SU-2026:0851-1
SUSE-SU-2026:0852-1
SUSE-SU-2026:0853-1
SUSE-SU-2026:0854-1
USN-8263-1

Affected Products

Imagemagick