CVE-2026-46522

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-23 ImageMagick versions prior to 6.9.13-48

Description A missing check in the MIFF decoder allows a crafted 224-byte MIFF file to cause an infinite loop, leading to CPU exhaustion where the system remains at 100% CPU usage.

Recommendations Update to version 7.1.2-23. Update to version 6.9.13-48.

Exploit

Fix

DoS

Resource Exhaustion

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-835

Related Identifiers

CVE-2026-46522

ECHO-296A-CB3F-7FE4

GHSA-7GG8-QQX7-92G5

OESA-2026-2386

OESA-2026-2387

OESA-2026-2388

OESA-2026-2389

OESA-2026-2463

Affected Products

Imagemagick

Red Os

CVE-2026-46522

Weakness Enumeration

Related Identifiers

Affected Products

References · 42