Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Network-reachable image processing with no auth or interaction; CWE-20 in a parser typically yields availability-only impact (crash/resource exhaustion), so C:N/I:N/A:H.
Primary rating from Vendor (vendor:alpine).
CVSS Vector
Vendor: vendor:alpine
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description (CVE.org)
Alpine Linux: imagemagick fixed in 7.1.2.24-r0
Analysis (AI)
A denial-of-service flaw in ImageMagick affects Alpine Linux package versions prior to 7.1.2.24-r0: improper input validation allows remote attackers to cause a high availability impact without authentication or user interaction. The flaw is tracked under upstream advisory GHSA-8pj9-6897-74xc and was disclosed via Alpine's security tracking. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires the target system to run an Alpine imagemagick build earlier than 7.1.2.24-r0 and to expose ImageMagick to attacker-controlled image input, typically an HTTP endpoint that accepts uploads and invokes `convert`/`identify`/MagickWand, or a backend job that fetches and processes remote images. … |
| Risk Assessment | The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H scores 7.5 (High) and indicates a network-reachable, low-complexity, unauthenticated, availability-only impact, consistent with a DoS via crafted image upload. … |
| Exploit Scenario | An attacker uploads a maliciously crafted image to any public-facing endpoint that hands the file off to ImageMagick for thumbnailing, conversion, or metadata extraction (avatars, document uploads, CMS media libraries). When ImageMagick parses the file it hits the input-validation defect and consumes excessive resources or crashes the worker, taking the conversion pipeline offline; repeated submissions degrade or deny the service to legitimate users. … |
| Remediation | Upgrade the Alpine imagemagick package to 7.1.2.24-r0 or later using apk (for example, `apk update && apk upgrade imagemagick`), which is the vendor-released patch for Alpine. … |
Recommended Action (AI)
Within 24 hours: Identify all systems running ImageMagick on Alpine Linux with versions prior to 7.1.2.24-r0. …
EUVD-2026-36184
GHSA-8pj9-6897-74xc