CVE-2026-46522
Received - Intake
Denial of Service in ImageMagick via MIFF Decoder

Publication date: 2026-06-10

Last updated on: 2026-06-10

Assigner: GitHub, Inc.

Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a missing check in the MIFF decoder, a crafted file could cause an infinite loop resulting in CPU exhaustion. Versions 7.1.2.23 and 6.9.13-48 fix the issue.
Meta Information
Published: 2026-06-10
Last Modified: 2026-06-10
Generated: 2026-06-11
AI Q&A: 2026-06-11
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor | Product | Version / Range
imagemagick | imagemagick | to 6.9.13-48 (exc)
CWE ID | Description
CWE-835 | The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
CWE-400 | The product does not properly control the allocation and maintenance of a limited resource.
Compliance Impact

This vulnerability causes an infinite loop resulting in CPU exhaustion but does not directly impact confidentiality, integrity, or availability of data.

Since the vulnerability does not lead to data breaches or unauthorized data access, it does not directly affect compliance with standards like GDPR or HIPAA, which focus on protecting personal and sensitive data.

However, denial of service conditions caused by CPU exhaustion could indirectly impact availability requirements under such regulations.

Executive Summary

This vulnerability exists in ImageMagick, free and open-source software used for editing and manipulating digital images. Due to a missing check in the MIFF decoder in versions prior to 7.1.2.23 and 6.9.13-48, a specially crafted file can cause the software to enter an infinite loop. This infinite loop results in CPU exhaustion, which can degrade system performance or cause denial of service.

Impact Analysis

The vulnerability can lead to CPU exhaustion by causing ImageMagick to enter an infinite loop when processing a crafted MIFF file. This can result in denial of service conditions, where the affected system's resources are heavily consumed, potentially making the system unresponsive or slowing down other processes.

Mitigation Strategies

To mitigate this vulnerability, update ImageMagick to version 7.1.2.23 or later, or 6.9.13-48 or later, as these versions contain the fix for the infinite loop issue in the MIFF decoder.
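
To check installed builds against the fixed releases named above, the following added example (not code from this page or from the ImageMagick project) classifies a version banner as affected or fixed. It assumes the banner format printed by `magick -version` or `convert -version`, and accepts either `-` or `.` before the last version component, since the advisory writes both forms; the sample banner and function names are constructed for illustration.

```python
import re

# Fixed releases as stated in the advisory, keyed by major release line.
FIXED = {
    7: (7, 1, 2, 23),
    6: (6, 9, 13, 48),
}

# Constructed sample of the first line of `magick -version` output.
SAMPLE_BANNER = "Version: ImageMagick 7.1.1-15 Q16-HDRI x86_64 https://imagemagick.org"

# The last component may be separated by "-" (6.9.13-48) or "." (7.1.2.23).
_VERSION_RE = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)[-.](\d+)")


def parse_version(banner):
    """Return the version as a 4-tuple of ints, or None if not recognised."""
    match = _VERSION_RE.search(banner)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def is_affected(banner):
    """True if older than the fix for its release line, False if fixed.

    Returns None when the banner cannot be parsed or belongs to a release
    line the advisory does not mention, so callers can flag it for review.
    """
    version = parse_version(banner)
    if version is None:
        return None
    fixed = FIXED.get(version[0])
    if fixed is None:
        return None
    # Tuple comparison is numeric per component, so 7.1.10-2 sorts after
    # 7.1.2-23 (a plain string comparison would get this wrong).
    return version < fixed


if __name__ == "__main__":
    verdict = {True: "affected", False: "fixed", None: "unknown"}
    print(SAMPLE_BANNER, "->", verdict[is_affected(SAMPLE_BANNER)])
```

Feed it the first line of the version banner collected from each host; an "unknown" result means the build needs manual review rather than being assumed safe.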
