{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24485", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-01-23T00:38:20.548Z", "datePublished": "2026-02-24T00:34:04.907Z", "dateUpdated": "2026-02-24T00:34:04.907Z"}, "containers": {"cna": {"title": "ImageMagick: Infinite loop vulnerability when parsing a PCD file", "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "lang": "en", "description": "CWE-400: Uncontrolled Resource Consumption", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pqgj-2p96-rx85", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pqgj-2p96-rx85"}, {"name": "https://github.com/ImageMagick/ImageMagick/commit/332c1566acc2de77857032d3c2504ead6210ff50", "tags": ["x_refsource_MISC"], "url": "https://github.com/ImageMagick/ImageMagick/commit/332c1566acc2de77857032d3c2504ead6210ff50"}, {"name": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3", "tags": ["x_refsource_MISC"], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3"}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"version": ">= 7.0.0, < 7.1.2-15", "status": "affected"}, {"version": "< 6.9.13-40", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-24T00:34:04.907Z"}, "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the Sync marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch."}], "source": {"advisory": "GHSA-pqgj-2p96-rx85", "discovery": "UNKNOWN"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the Sync marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch."}], "id": "CVE-2026-24485", "lastModified": "2026-02-24T14:13:49.320", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-24T01:16:12.757", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/ImageMagick/ImageMagick/commit/332c1566acc2de77857032d3c2504ead6210ff50"}, {"source": "security-advisories@github.com", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pqgj-2p96-rx85"}, {"source": "security-advisories@github.com", "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "ImageMagick: ImageMagick: Denial of Service via malformed PCD file processing", "id": "2442091", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442091"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-835", "details": ["A flaw was found in ImageMagick. A remote attacker could exploit this vulnerability by providing a specially crafted PCD (Picture CD) image file that lacks a valid Sync marker. This causes the DecodeImage() function to enter an infinite loop, leading to continuous CPU resource consumption and system resource exhaustion. The primary consequence is a denial of service (DoS), rendering the program unresponsive."], "mitigation": {"lang": "en:us", "value": "To mitigate this vulnerability, restrict ImageMagick's ability to process untrusted PCD files. If PCD file support is not required, consider disabling the PCD coder in ImageMagick's policy.xml configuration file. Add <policy domain=\"coder\" rights=\"none\" pattern=\"PCD\" /> to /etc/ImageMagick-X/policy.xml (where X is the ImageMagick version). A service restart or application reload may be required for the changes to take effect."}, "name": "CVE-2026-24485", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2026-02-24T00:34:04Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-24485\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-24485\nhttps://github.com/ImageMagick/ImageMagick/commit/332c1566acc2de77857032d3c2504ead6210ff50\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pqgj-2p96-rx85\nhttps://github.com/dlemstra/Magick.NET/releases/tag/14.10.3"], "statement": "This MODERATE impact denial of service flaw in ImageMagick allows a remote attacker to cause continuous CPU resource consumption and system resource exhaustion. This occurs when processing a specially crafted PCD image file that lacks a valid Sync marker. Red Hat Enterprise Linux 6 ELS and 7 ELS are affected.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.0.0,7.1.2-15)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.9.13-40)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ImageMagick", "source": "cna", "vendor": "ImageMagick"}, "product": "imagemagick", "vendor": "imagemagick"}], "created": "2026-02-24T09:54:17.705038+00:00", "updated": "2026-02-24T09:54:17.705135+00:00", "vendors": ["imagemagick", "imagemagick$PRODUCT$imagemagick"]}