How to fix CVE-2026-24481?

Within 24 hours: Inventory all systems running ImageMagick and identify which process untrusted PSD files. Within 7 days: Implement network segmentation to isolate ImageMagick services and disable PSD format handling where feasible. Within 30 days: Establish continuous monitoring for CVE-2026-24481 patch availability and prepare deployment procedures; consider alternative image processing solutions if patching timeline extends beyond 60 days.

Is Imagemagick affected by CVE-2026-24481?

ImageMagick's PSD file handler contains a heap information disclosure vulnerability that could expose sensitive data from application memory.

CVE-2026-24481

HIGH

2026-02-24 [email protected]

GHSA-96pc-27rx-pr36

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Feb 24, 2026 - 01:16 nvd

HIGH 7.5

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap information disclosure vulnerability exists in ImageMagick's PSD (Adobe Photoshop) format handler. When processing a maliciously crafted PSD file containing ZIP-compressed layer data that decompresses to less than the expected size, uninitialized heap memory is leaked into the output image. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

Analysis

Heap memory disclosure in ImageMagick's PSD file parser allows unauthenticated remote attackers to leak sensitive information from process memory by crafting malicious Photoshop files with improperly compressed layer data. Affected versions prior to 7.1.2-15 and 6.9.13-40 fail to properly validate decompressed data sizes, exposing uninitialized heap contents in generated output images. …

Remediation

Within 24 hours: Inventory all systems running ImageMagick and identify which process untrusted PSD files. Within 7 days: Implement network segmentation to isolate ImageMagick services and disable PSD format handling where feasible. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +38

POC: 0

Vendor Status

CVE-2026-24481 vulnerability details – vuln.today

Back

CVE-2026-24481

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Vendor Status

Share

CVE-2026-24481

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Vendor Status

Share

External POC / Exploit Code