CVE-2026-24485
Infinite Loop DoS in ImageMagick PCD Decoder Causes Resource Exhaustion
Publication date: 2026-02-24
Last updated on: 2026-02-27
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| imagemagick | imagemagick | to 6.9.13-40 (exc) |
| imagemagick | imagemagick | From 7.0.0-0 (inc) to 7.1.2-15 (exc) |
| dlemstra | magick.net | to 14.10.3 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update ImageMagick to a patched version that addresses this vulnerability.
- Upgrade ImageMagick to version 7.1.2-15 or later, or 6.9.13-40 or later, where the vulnerability has been fixed.
- If immediate upgrade is not possible, restrict or disable processing of PCD image files to prevent triggering the infinite loop.
- Monitor system resources and terminate any unresponsive ImageMagick processes consuming excessive CPU.
- Implement input validation or filtering to block malformed PCD files from being processed.
Can you explain this vulnerability to me?
CVE-2026-24485 is a vulnerability in the ImageMagick software, specifically in the PCD image decoder module. When ImageMagick processes a PCD file that does not contain a valid Sync marker, the DecodeImage() function enters an infinite loop while searching for this marker.
This infinite loop causes the program to become unresponsive and continuously consume CPU resources, leading to system resource exhaustion and denial of service.
The vulnerability arises from improper handling of image data during decoding, including insufficient buffer reading and bounds checking, which was addressed by adding rigorous size and overflow checks and improving error handling.
How can this vulnerability impact me?
This vulnerability can cause ImageMagick to become unresponsive and consume excessive CPU resources when processing specially crafted PCD image files without a valid Sync marker.
The result is uncontrolled resource consumption leading to system resource exhaustion and denial of service (DoS), which can disrupt services or applications relying on ImageMagick for image processing.
Since the attack vector is network-based and requires no privileges or user interaction, an attacker could exploit this vulnerability remotely to cause service outages.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability causes the ImageMagick program to become unresponsive and continuously consume CPU resources when processing a malformed PCD image file without a valid Sync marker.
To detect this vulnerability on your system, monitor for unusually high CPU usage or unresponsive ImageMagick processes, especially when handling PCD image files.
Suggested commands to detect potential exploitation or presence of the vulnerability include:
- Use system monitoring tools like `top` or `htop` to identify ImageMagick processes consuming excessive CPU.
- Use `ps aux | grep convert` (or the relevant ImageMagick command) to find running ImageMagick processes.
- Check logs or audit usage of ImageMagick with PCD files to identify attempts to process potentially malicious files.
- Use network monitoring tools to detect unusual traffic patterns if ImageMagick is exposed as a network service.
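The `top` and `ps` checks above can be scripted. The following is an added example, not part of the original advisory or of ImageMagick: it assumes Linux procps `ps` output in the `[DD-]HH:MM:SS` CPU-time format, and the function names and sample process list are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag ImageMagick processes whose cumulative CPU time exceeds a limit.
# Input on stdin: output of `ps -eo pid=,cputime=,comm=,args=` (Linux procps format).

# Constructed sample of ps output (not captured from a real system).
sample_ps() {
cat <<'EOF'
 4121 00:00:02 convert convert in.png out.jpg
 4188 00:14:37 convert convert upload_7731.pcd thumb.png
 4203 1-02:00:05 magick magick PCD:/tmp/scan.bin out.png
 4250 00:45:10 nginx nginx: worker process
 4301 00:03:20 mogrify mogrify -resize 50% photo.jpg
EOF
}

# flag_runaway_magick LIMIT_SECONDS
# Prints "PID CPU_SECONDS COMMAND HINT" for each match; HINT is "pcd" when the
# command line names a .pcd file or the PCD: coder prefix, otherwise "-".
flag_runaway_magick() {
    awk -v limit="$1" '
    # Convert "[DD-]HH:MM:SS" to seconds; -1 if the field has another shape.
    function to_seconds(t,    d, n, p) {
        d = 0
        if (index(t, "-") > 0) { split(t, p, "-"); d = p[1]; t = p[2] }
        n = split(t, p, ":")
        if (n != 3) return -1
        return d * 86400 + p[1] * 3600 + p[2] * 60 + p[3]
    }
    # Match on the command name column, so unrelated processes are ignored.
    $3 ~ /^(magick|convert|mogrify|identify|composite|montage)$/ {
        secs = to_seconds($2)
        if (secs < limit + 0) next
        hint = (tolower($0) ~ /\.pcd|pcd:/) ? "pcd" : "-"
        print $1, secs, $3, hint
    }'
}

# Demo on the constructed sample; on a live host use:
#   ps -eo pid=,cputime=,comm=,args= | flag_runaway_magick 300
sample_ps | flag_runaway_magick 60
```

The hint column reflects only the command line, and a file's name need not match its content, so rows marked `-` are still candidates for review. Pick the limit from the CPU time legitimate conversions need in your environment.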