CVE-2026-23952

EUVD-2026-3699
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing <comment> tags before images are loaded. This can lead to DoS attack due to assertion failure (debug builds) or NULL pointer dereference (release builds). This issue is fixed in version 14.10.2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Affected Products (NVD)
VendorProductVersion
imagemagickimagemagick
𝑥
< 6.9.13-38
imagemagickimagemagick
7.0.0-0 ≤
𝑥
< 7.1.2-13
dlemstramagick.net
𝑥
< 14.10.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
imagemagick
bookworm
8:6.9.11.60+dfsg-1.6+deb12u9
fixed
bookworm (security)
8:6.9.11.60+dfsg-1.6+deb12u9
fixed
bullseye
vulnerable
bullseye (security)
8:6.9.11.60+dfsg-1.3+deb11u12
fixed
forky
8:7.1.2.21+dfsg1-1
fixed
sid
8:7.1.2.21+dfsg1-1
fixed
trixie
8:7.1.1.43+dfsg1-1+deb13u8
fixed
trixie (security)
8:7.1.1.43+dfsg1-1+deb13u8
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
ImageMagick
suse enterprise desktop 15 SP7
7.1.1.43-150700.3.33.1
fixed
suse enterprise sap 15 SP4
7.1.0.9-150400.6.64.1
fixed
suse enterprise sap 15 SP5
7.1.0.9-150400.6.64.1
fixed
suse enterprise sap 15 SP7
7.1.1.43-150700.3.33.1
fixed
suse enterprise server 15 SP4
7.1.0.9-150400.6.64.1
fixed
suse enterprise server 15 SP5
7.1.0.9-150400.6.64.1
fixed
suse enterprise server 15 SP6
7.1.1.21-150600.3.38.1
fixed
suse enterprise server 15 SP7
7.1.1.43-150700.3.33.1
fixed
ImageMagick-config-6-SUSE
suse enterprise server 12 SP3
6.8.8.1-71.227.1
fixed
suse enterprise server 12 SP5
6.8.8.1-71.227.1
fixed
ImageMagick-config-6-upstream
suse enterprise server 12 SP3
6.8.8.1-71.227.1
fixed
suse enterprise server 12 SP5
6.8.8.1-71.227.1
fixed
ImageMagick-config-7-SUSE
suse enterprise desktop 15 SP7
7.1.1.43-150700.3.33.1
fixed
suse enterprise sap 15 SP4
7.1.0.9-150400.6.64.1
fixed
suse enterprise sap 15 SP5
7.1.0.9-150400.6.64.1
fixed
suse enterprise sap 15 SP7
7.1.1.43-150700.3.33.1
fixed
suse enterprise server 15 SP4
7.1.0.9-150400.6.64.1
fixed
suse enterprise server 15 SP5
7.1.0.9-150400.6.64.1
fixed
suse enterprise server 15 SP6
7.1.1.21-150600.3.38.1
fixed
suse enterprise server 15 SP7
7.1.1.43-150700.3.33.1
fixed
ImageMagick-config-7-upstream
suse enterprise desktop 15 SP7
7.1.0.9-150400.6.64.1
fixed
suse enterprise sap 15 SP4
7.1.0.9-150400.6.64.1
fixed
suse enterprise sap 15 SP5
7.1.0.9-150400.6.64.1
fixed
suse enterprise sap 15 SP7
7.1.0.9-150400.6.64.1
fixed
suse enterprise server 15 SP4
7.1.0.9-150400.6.64.1
fixed
suse enterprise server 15 SP5
7.1.0.9-150400.6.64.1
fixed
suse enterprise server 15 SP6
7.1.0.9-150400.6.64.1
fixed
suse enterprise server 15 SP7
7.1.0.9-150400.6.64.1
fixed
ImageMagick-config-7-upstream-limited
suse enterprise desktop 15 SP7
7.1.1.43-150700.3.33.1
fixed
suse enterprise sap 15 SP7
7.1.1.43-150700.3.33.1
fixed
suse enterprise server 15 SP6
7.1.1.21-150600.3.38.1
fixed
suse enterprise server 15 SP7
7.1.1.43-150700.3.33.1
fixed
ImageMagick-config-7-upstream-open
suse enterprise desktop 15 SP7
7.1.1.43-150700.3.33.1
fixed
suse enterprise sap 15 SP7
7.1.1.43-150700.3.33.1
fixed
suse enterprise server 15 SP6
7.1.1.21-150600.3.38.1
fixed
suse enterprise server 15 SP7
7.1.1.43-150700.3.33.1
fixed
ImageMagick-config-7-upstream-secure
suse enterprise desktop 15 SP7
7.1.1.43-150700.3.33.1
fixed
suse enterprise sap 15 SP7
7.1.1.43-150700.3.33.1
fixed
suse enterprise server 15 SP6
7.1.1.21-150600.3.38.1
fixed
suse enterprise server 15 SP7
7.1.1.43-150700.3.33.1
fixed
ImageMagick-config-7-upstream-websafe
suse enterprise desktop 15 SP7
7.1.1.43-150700.3.33.1
fixed
suse enterprise sap 15 SP7
7.1.1.43-150700.3.33.1
fixed
suse enterprise server 15 SP6
7.1.1.21-150600.3.38.1
fixed
suse enterprise server 15 SP7
7.1.1.43-150700.3.33.1
fixed
ImageMagick-devel
suse enterprise desktop 15 SP7
7.1.1.43-150700.3.33.1
fixed
suse enterprise sap 15 SP4
7.1.0.9-150400.6.64.1
fixed
suse enterprise sap 15 SP5
7.1.0.9-150400.6.64.1
fixed
suse enterprise sap 15 SP7
7.1.1.43-150700.3.33.1
fixed
suse enterprise server 12 SP5
6.8.8.1-71.227.1
fixed
suse enterprise server 15 SP4
7.1.0.9-150400.6.64.1
fixed
suse enterprise server 15 SP5
7.1.0.9-150400.6.64.1
fixed
suse enterprise server 15 SP6
7.1.1.21-150600.3.38.1
fixed
suse enterprise server 15 SP7
7.1.1.43-150700.3.33.1
fixed
libMagick++-7_Q16HDRI5
suse enterprise desktop 15 SP7
7.1.1.43-150700.3.33.1
fixed
suse enterprise sap 15 SP4
7.1.0.9-150400.6.64.1
fixed
suse enterprise sap 15 SP5
7.1.0.9-150400.6.64.1
fixed
suse enterprise sap 15 SP7
7.1.1.43-150700.3.33.1
fixed
suse enterprise server 15 SP4
7.1.0.9-150400.6.64.1
fixed
suse enterprise server 15 SP5
7.1.0.9-150400.6.64.1
fixed
suse enterprise server 15 SP6
7.1.1.21-150600.3.38.1
fixed
suse enterprise server 15 SP7
7.1.1.43-150700.3.33.1
fixed
libMagick++-devel
suse enterprise desktop 15 SP7
7.1.1.43-150700.3.33.1
fixed
suse enterprise sap 15 SP4
7.1.0.9-150400.6.64.1
fixed
suse enterprise sap 15 SP5
7.1.0.9-150400.6.64.1
fixed
suse enterprise sap 15 SP7
7.1.1.43-150700.3.33.1
fixed
suse enterprise server 12 SP5
6.8.8.1-71.227.1
fixed
suse enterprise server 15 SP4
7.1.0.9-150400.6.64.1
fixed
suse enterprise server 15 SP5
7.1.0.9-150400.6.64.1
fixed
suse enterprise server 15 SP6
7.1.1.21-150600.3.38.1
fixed
suse enterprise server 15 SP7
7.1.1.43-150700.3.33.1
fixed
libMagickCore-6_Q16-1
suse enterprise server 12 SP3
6.8.8.1-71.227.1
fixed
suse enterprise server 12 SP5
6.8.8.1-71.227.1
fixed
libMagickCore-7_Q16HDRI10
suse enterprise desktop 15 SP7
7.1.1.43-150700.3.33.1
fixed
suse enterprise sap 15 SP4
7.1.0.9-150400.6.64.1
fixed
suse enterprise sap 15 SP5
7.1.0.9-150400.6.64.1
fixed
suse enterprise sap 15 SP7
7.1.1.43-150700.3.33.1
fixed
suse enterprise server 15 SP4
7.1.0.9-150400.6.64.1
fixed
suse enterprise server 15 SP5
7.1.0.9-150400.6.64.1
fixed
suse enterprise server 15 SP6
7.1.1.21-150600.3.38.1
fixed
suse enterprise server 15 SP7
7.1.1.43-150700.3.33.1
fixed
libMagickWand-6_Q16-1
suse enterprise server 12 SP3
6.8.8.1-71.227.1
fixed
suse enterprise server 12 SP5
6.8.8.1-71.227.1
fixed
libMagickWand-7_Q16HDRI10
suse enterprise desktop 15 SP7
7.1.1.43-150700.3.33.1
fixed
suse enterprise sap 15 SP4
7.1.0.9-150400.6.64.1
fixed
suse enterprise sap 15 SP5
7.1.0.9-150400.6.64.1
fixed
suse enterprise sap 15 SP7
7.1.1.43-150700.3.33.1
fixed
suse enterprise server 15 SP4
7.1.0.9-150400.6.64.1
fixed
suse enterprise server 15 SP5
7.1.0.9-150400.6.64.1
fixed
suse enterprise server 15 SP6
7.1.1.21-150600.3.38.1
fixed
suse enterprise server 15 SP7
7.1.1.43-150700.3.33.1
fixed
perl-PerlMagick
suse enterprise sap 15 SP4
7.1.0.9-150400.6.64.1
fixed
suse enterprise sap 15 SP5
7.1.0.9-150400.6.64.1
fixed
suse enterprise server 15 SP4
7.1.0.9-150400.6.64.1
fixed
suse enterprise server 15 SP5
7.1.0.9-150400.6.64.1
fixed
suse enterprise server 15 SP6
7.1.1.21-150600.3.38.1
fixed
Common Weakness Enumeration
References
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8
https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2