CVE-2026-23952
NULL Pointer Dereference in ImageMagick MSL Parser Causes DoS
Publication date: 2026-01-22
Last updated on: 2026-02-27
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| imagemagick | imagemagick | From 7.0.0-0 (inc) to 7.1.2-13 (exc) |
| imagemagick | imagemagick | to 6.9.13-38 (exc) |
| dlemstra | magick.net | to 14.10.2 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a NULL pointer dereference in ImageMagick's Magick Scripting Language (MSL) parser that occurs when processing a `<comment>` tag before any image is loaded. Specifically, the function `MSLEndElement()` calls `DeleteImageProperty()` on a NULL image pointer without checking if it is NULL, causing an assertion failure or crash. This leads to a denial of service (DoS) by crashing the application when handling crafted MSL files containing such `<comment>` tags. [1]
How can this vulnerability impact me?
This vulnerability can cause a denial of service (DoS) by crashing any application using ImageMagick to process user-supplied MSL files with a crafted `<comment>` tag before image loading. It impacts availability by causing assertion failures or NULL pointer dereferences that crash the program. It requires low privileges, no user interaction, and can be exploited remotely over the network without affecting confidentiality or integrity. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing whether your ImageMagick installation crashes on a crafted MSL file containing a `<comment>` tag before any image is loaded. You can reproduce the issue by running a command like `magick MSL:poc.msl out.png`, where `poc.msl` is a maliciously crafted MSL file with a `<comment>` tag before any `<read>` operation. If the program crashes or shows an assertion failure, the vulnerability is present. Additionally, fuzzing tools such as the custom MSL fuzzer used by Team FuzzingBrain can be employed to detect this issue. [1]
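A way to answer the same question without crashing anything is to compare the installed version against the affected ranges in the table above. The script below is an added example, not code from the advisory or from ImageMagick; the function names are hypothetical, and it assumes the usual `Version: ImageMagick X.Y.Z-R ...` first line of `-version` output.

```shell
#!/bin/sh
# Added example (not from the advisory): classify an ImageMagick version
# against the affected ranges in the table on this page.

# ver_lt A B: succeed when MAJOR.MINOR.PATCH-REV string A sorts before B.
ver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
        for (i = 1; i <= 4; i++) {          # compare field by field, numerically
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1                              # equal is not "less than"
    }'
}

# im_status VERSION: print vulnerable, patched or unknown.
im_status() {
    case "$1" in
        ''|*[!0-9.-]*) echo unknown; return 0 ;;   # not a plain version string
        7.*) fixed=7.1.2-13 ;;                     # 7.0.0-0 (inc) to 7.1.2-13 (exc)
        6.*) fixed=6.9.13-38 ;;                    # up to 6.9.13-38 (exc)
        *)   echo unknown; return 0 ;;
    esac
    if ver_lt "$1" "$fixed"; then echo vulnerable; else echo patched; fi
}

# parse_version_line: read `-version` output on stdin, print e.g. 7.1.1-43.
parse_version_line() {
    sed -n 's/^Version: ImageMagick \([0-9][0-9.]*-[0-9][0-9]*\).*/\1/p' | head -n 1
}

# check_installed: report on whichever CLI is on PATH (magick for 7.x,
# convert for 6.x). Prints nothing if neither is installed.
check_installed() {
    for tool in magick convert; do
        command -v "$tool" >/dev/null 2>&1 || continue
        v=$("$tool" -version 2>/dev/null | parse_version_line)
        echo "$tool: ${v:-unrecognised} -> $(im_status "$v")"
    done
}

check_installed
```

A distribution package may carry a backported fix without changing the upstream version string, so treat a "vulnerable" result as a prompt to check the vendor advisory. Magick.NET is versioned separately (fixed in 14.10.2 per the table), so check the package reference rather than the CLI.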
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade ImageMagick or Magick.NET to a patched version that includes the fix. Specifically, update to ImageMagick version 7.1.2-13 or later, or Magick.NET version 14.10.2 or later, which contain the necessary NULL pointer checks to prevent the crash. Avoid processing untrusted MSL files until the update is applied. [1, 2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability impacts availability due to a denial-of-service condition but does not affect confidentiality or integrity of data. Therefore, it does not directly affect compliance with common standards and regulations such as GDPR or HIPAA, which primarily focus on protecting data confidentiality and integrity. However, organizations relying on ImageMagick for critical image processing should consider the availability impact in their risk assessments and mitigation strategies. [1]