
ImageMagick CVE-2026-49218

EUVD: EUVD-2026-36184 · HIGH
Improper Input Validation (CWE-20)
N/A · Vendor: vendor:alpine · GHSA-8pj9-6897-74xc
CVSS 3.1: 7.5 · Vendor: vendor:alpine

Severity by source

Vendor (vendor:alpine), primary: 7.5 HIGH
  CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

vuln.today AI: 7.5 HIGH
  Rationale: Network-reachable image processing with no auth or interaction; CWE-20 in a parser typically yields availability-only impact (crash/resource exhaustion), so C:N/I:N/A:H.
  CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (vendor:alpine).

CVSS Vector (Vendor: vendor:alpine)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline (6 events)

Patch available: Jun 25, 2026, 23:04 (EUVD)
Analysis Updated: Jun 10, 2026, 23:28 (vuln.today), v3 (cvss_changed)
Analysis Updated: Jun 10, 2026, 23:28 (vuln.today), v2 (cvss_changed)
Re-analysis Queued: Jun 10, 2026, 23:22 (vuln.today), cvss_changed
CVSS changed: Jun 10, 2026, 23:22 (NVD), 7.5 (HIGH)
Analysis Generated: Jun 10, 2026, 09:00 (vuln.today)

Description (CVE.org)

Alpine Linux: imagemagick fixed in 7.1.2.24-r0

Analysis (AI)

Denial of service in ImageMagick affects Alpine Linux imagemagick package versions prior to 7.1.2.24-r0: improper input validation lets a remote, unauthenticated attacker cause a high availability impact without any user interaction. The flaw is tracked under upstream advisory GHSA-8pj9-6897-74xc and was disclosed via Alpine's security tracking. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

Access: Identify image-upload endpoint backed by ImageMagick
Delivery: Craft malformed image triggering CWE-20 path
Exploit: Submit image via HTTP upload
Execution: ImageMagick worker exhausts resources or crashes
Impact: Conversion pipeline unavailable to legitimate users

Vulnerability Assessment (AI)

Exploitation: Exploitation requires the target system to run an Alpine imagemagick build earlier than 7.1.2.24-r0 and to expose ImageMagick to attacker-controlled image input, typically an HTTP endpoint that accepts uploads and invokes convert/identify/MagickWand, or a backend job that fetches and processes remote images. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment: The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H scores 7.5 (High) and indicates a network-reachable, low-complexity, unauthenticated, availability-only impact, consistent with a DoS via crafted image upload. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario: An attacker uploads a maliciously crafted image to any public-facing endpoint that hands the file off to ImageMagick for thumbnailing, conversion, or metadata extraction (avatars, document uploads, CMS media libraries). When ImageMagick parses the file it hits the input-validation defect and consumes excessive resources or crashes the worker, taking the conversion pipeline offline; repeated submissions degrade or deny the service to legitimate users. …
Remediation: Upgrade the Alpine imagemagick package to 7.1.2.24-r0 or later using apk (for example, apk update && apk upgrade imagemagick), which is the vendor-released patch for Alpine. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended Action (AI)

Within 24 hours: Identify all systems running ImageMagick on Alpine Linux with versions prior to 7.1.2.24-r0. …
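A version check for that first step, added here as an example and not tooling from vuln.today or Alpine: it compares an installed Alpine imagemagick package version against the fixed version 7.1.2.24-r0 using the same "<", "=", ">" ordering that `apk version -t` prints on an Alpine host, and runs it over a constructed sample inventory so it also works where apk is not installed. It assumes package versions contain only dotted numeric components plus the `-rN` release suffix (Alpine suffixes such as `_p1` or `_rc1` are not handled).

```shell
#!/bin/sh
# Added example, not tooling from vuln.today or Alpine: flag hosts whose installed
# Alpine imagemagick package is older than the fixed version named in the advisory.
FIXED="7.1.2.24-r0"

# Compare two Alpine package versions of the form X.Y.Z.W-rN and print "<", "=" or
# ">" (the convention `apk version -t` uses). The "-rN" release suffix is treated as
# one more numeric component. Assumption: only dotted numeric components occur; Alpine
# suffixes such as _p1 or _rc1 are not handled here.
apk_vercmp() {
  a=$(printf '%s' "$1" | sed 's/-r/./'); b=$(printf '%s' "$2" | sed 's/-r/./')
  while [ -n "$a" ] || [ -n "$b" ]; do
    ah=${a%%.*}; bh=${b%%.*}
    if [ "${ah:-0}" -lt "${bh:-0}" ]; then echo "<"; return; fi
    if [ "${ah:-0}" -gt "${bh:-0}" ]; then echo ">"; return; fi
    case "$a" in *.*) a=${a#*.} ;; *) a="" ;; esac
    case "$b" in *.*) b=${b#*.} ;; *) b="" ;; esac
  done
  echo "="
}

# Classify one `apk info -v` package line such as "imagemagick-7.1.2.23-r0".
check_line() {
  [ -n "$1" ] || { echo "NOT_INSTALLED"; return; }
  v=${1#imagemagick-}                      # strip the package name prefix
  if [ "$(apk_vercmp "$v" "$FIXED")" = "<" ]; then echo "AFFECTED"; else echo "PATCHED"; fi
}

# Constructed sample inventory (hostname plus the host's `apk info -v` line); not real data.
SAMPLE='web-01 imagemagick-7.1.2.23-r0
web-02 imagemagick-7.1.2.24-r0
batch-01 imagemagick-7.1.2.24-r1
thumb-01 imagemagick-7.1.1.47-r0'

printf '%s\n' "$SAMPLE" | while read -r host line; do
  printf '%-10s %-28s %s\n' "$host" "$line" "$(check_line "$line")"
done

# On an actual Alpine host, check the live package list instead (apk is absent elsewhere).
if command -v apk >/dev/null 2>&1; then
  check_line "$(apk info -v 2>/dev/null | grep '^imagemagick-[0-9]' | head -n1)"
fi
```

Only the `imagemagick` package itself is matched; `imagemagick-libs` or `imagemagick-dev` lines are skipped by the digit after the dash and would need their own check if your hosts ship them separately.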


Other ImageMagick vulnerabilities

CVE-2026-23876 (CRITICAL 9.8, Jan 20, PoC): Heap buffer overflow in ImageMagick's XBM image decoder (ReadXBMImage) lets remote attackers write attacker-controlled d…
CVE-2025-53015 (HIGH 7.5, Jul 14, PoC): CVE-2025-53015 is a denial-of-service vulnerability in ImageMagick versions prior to 7.1.2-0 that causes infinite loops…
CVE-2025-53101 (HIGH 7.4, Jul 14, PoC): A remote code execution vulnerability in versions (CVSS 7.4). Risk factors: public PoC available. Vendor patch is availa…
CVE-2026-23952 (MEDIUM 6.5, Jan 22, PoC): ImageMagick and Magick.NET versions 14.10.1 and below are vulnerable to denial of service attacks through a null pointer…
CVE-2026-25968 (CRITICAL 9.8, Feb 24): Stack buffer overflow in ImageMagick's MSL (Magick Scripting Language) parser allows remote attackers to corrupt memory…
CVE-2026-23874 (MEDIUM 5.5, Jan 20, PoC): ImageMagick versions up to 7.1.2-13 are affected by a loop with an unreachable exit condition (infinite loop) (CVSS 5.5).
CVE-2026-25794 (HIGH 8.2, Feb 24): Integer overflow in ImageMagick's UHDR image decoder allows remote attackers to trigger heap buffer overflows by supplyi…
CVE-2026-28693 (HIGH 8.1, Mar 10): High severity vulnerability in ImageMagick. An integer overflow in the DIB coder can result in an out-of-bounds read or write…
CVE-2026-30929 (HIGH 7.7, Mar 10): High severity vulnerability in ImageMagick. MagnifyImage uses a fixed-size stack buffer. When using a specific image it…
CVE-2026-25989 (HIGH 7.5, Feb 24): ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 are vulnerable to denial of service when processing maliciously cra…
CVE-2026-25985 (HIGH 7.5, Feb 24): ImageMagick versions up to 7.1.2-15 are affected by allocation of resources without limits or throttling (CVSS 7.5).
CVE-2026-25969 (HIGH 7.5, Feb 24): Denial of service in ImageMagick prior to 7.1.2-15 stems from a memory leak in the WriteASHLARImage function within code…
