Cyber Resilience

CVE-2026-24485

Severity: High · Tag: DDoS

Published: 24 February 2026

Modified: 27 February 2026
KEV Added: (not listed)
Patch: available
CVSS Score (v3.1): 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0002 (5.4th percentile)
Risk Priority: 15 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-24485 is a high-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in ImageMagick (vendor: ImageMagick, product: ImageMagick). Its CVSS v3.1 base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 5.4th percentile by EPSS exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are the NIST SP 800-53 controls SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-24485 is a denial-of-service vulnerability in ImageMagick, an open-source software suite for image editing and manipulation. It affects versions prior to 7.1.2-15 and 6.9.13-40. The issue arises when processing a Photo CD (PCD) file lacking a valid Sync marker, causing the DecodeImage() function to enter an infinite loop while searching for the marker. This results in continuous CPU consumption, system resource exhaustion, and program unresponsiveness, classified under CWE-400 (Uncontrolled Resource Consumption) with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Any unauthenticated remote attacker can exploit this vulnerability by supplying a specially crafted PCD file to an ImageMagick instance, such as through a web application or service that processes user-uploaded images. No user interaction or privileges are required, enabling exploitation over the network with low complexity. Successful exploitation leads to high-impact denial of service, potentially crashing the affected process or exhausting CPU resources on the target system.

Patches addressing this vulnerability are available in ImageMagick versions 7.1.2-15 and 6.9.13-40, as detailed in the project's GitHub security advisory (GHSA-pqgj-2p96-rx85) and the fixing commit (332c1566acc2de77857032d3c2504ead6210ff50). Additionally, the Magick.NET library, a .NET binding for ImageMagick, released version 14.10.3 with mitigations. Security practitioners should update to patched versions and validate image inputs where possible to prevent exploitation.
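The failure mode described above is a marker search that never checks whether the input has run out. The following is an added, illustrative C example and not ImageMagick's own pcd.c: the reader type, the function names and the two-byte marker value are constructed for illustration, as are the sample buffers. It shows the hazardous loop shape in a comment and a bounded form beside it that rejects a stream which ends before the marker appears instead of spinning.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed marker value for illustration; not the real PCD Sync bytes. */
#define SYNC_LEN 2
static const uint8_t kSyncMarker[SYNC_LEN] = { 0xFF, 0xFE };

/* Minimal bounded byte reader (hypothetical helper). */
typedef struct {
    const uint8_t *data;
    size_t len;
    size_t pos;
} ByteReader;

/* Returns the next byte, or -1 once the input is exhausted. */
static int read_byte(ByteReader *r) {
    if (r->pos >= r->len)
        return -1;
    return r->data[r->pos++];
}

/* The hazardous shape (do not use): if the byte getter silently returns 0
 * past end of input, this loop never terminates on a file with no marker.
 *
 *   while (window != SYNC)
 *       window = (uint16_t)((window << 8) | get_byte_or_zero(&r));
 */

/* Bounded search: returns the offset of the marker, or -1 if the input ends
 * first. A caller treats -1 as a malformed file and aborts the decode. */
long find_sync_bounded(const uint8_t *data, size_t len) {
    ByteReader r = { data, len, 0 };
    const int expected = (kSyncMarker[0] << 8) | kSyncMarker[1];
    uint16_t window = 0;
    size_t seen = 0;
    int b;

    /* Every iteration consumes one byte, so the loop runs at most len times. */
    while ((b = read_byte(&r)) >= 0) {
        window = (uint16_t)((window << 8) | (uint8_t)b);
        seen++;
        if (seen >= SYNC_LEN && window == expected)
            return (long)(r.pos - SYNC_LEN);
    }
    return -1; /* EOF before the marker: reject rather than retry forever */
}

/* Constructed sample inputs. */
static const uint8_t kWithMarker[] = { 0x00, 0x11, 0x22, 0xFF, 0xFE, 0x33 };
static const uint8_t kNoMarker[]   = { 0xFF, 0xFF, 0xFF };
static const uint8_t kMarkerOnly[] = { 0xFF, 0xFE };

long demo_with_marker(void) { return find_sync_bounded(kWithMarker, sizeof kWithMarker); }
long demo_no_marker(void)   { return find_sync_bounded(kNoMarker, sizeof kNoMarker); }
long demo_marker_only(void) { return find_sync_bounded(kMarkerOnly, sizeof kMarkerOnly); }
long demo_empty(void)       { return find_sync_bounded(NULL, 0); }

int main(void) {
    printf("with marker : %ld\n", demo_with_marker());  /* offset 3 */
    printf("no marker   : %ld\n", demo_no_marker());    /* -1, rejected */
    printf("marker only : %ld\n", demo_marker_only());  /* offset 0 */
    printf("empty       : %ld\n", demo_empty());        /* -1, rejected */
    return 0;
}
```

The point of the bounded version is that termination is guaranteed by construction: each iteration consumes one byte and the reader reports end of input explicitly, so a truncated or marker-less file costs at most one pass over its bytes before it is rejected.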

Vulnerability details

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the Sync marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

CWE(s)

CWE-400 Uncontrolled Resource Consumption

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.003 Application Exhaustion Flood (Impact): Adversaries may target resource intensive features of applications to cause a denial of service (DoS), denying availability to those applications.

Why these techniques?

The vulnerability enables remote exploitation of a public-facing image processing application (T1190) via crafted input leading to application resource exhaustion (T1499.003).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-23952 (same product: Dlemstra Magick.Net)
CVE-2026-27798 (same product: Dlemstra Magick.Net)
CVE-2026-26284 (same product: Imagemagick Imagemagick)
CVE-2025-53101 (same product: Imagemagick Imagemagick)
CVE-2026-23876 (same product: Imagemagick Imagemagick)
CVE-2025-55298 (same product: Imagemagick Imagemagick)
CVE-2026-26066 (same product: Imagemagick Imagemagick)
CVE-2026-25987 (same product: Imagemagick Imagemagick)
CVE-2026-25897 (same product: Imagemagick Imagemagick)
CVE-2026-25965 (same product: Imagemagick Imagemagick)

Affected Assets

imagemagick / imagemagick: ≤ 6.9.13-40 · 7.0.0-0 — 7.1.2-15
dlemstra / magick.net: ≤ 14.10.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

Prevent: Timely patching of ImageMagick to versions 7.1.2-15 or 6.9.13-40 directly remediates the infinite loop flaw in DecodeImage() triggered by malformed PCD files.

Prevent · Detect: SC-5 (Denial-of-service Protection). Denial-of-service protections identify and defend against resource exhaustion attacks like the CPU consumption from processing crafted PCD files lacking valid Sync markers.

Prevent: SI-10 (Information Input Validation). Validating image inputs from external sources prevents malformed PCD files from reaching the vulnerable DecodeImage() function and triggering the infinite loop.