← back
CVE-2026-46522

ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion

CVSS 7.5 HIGHEPSS 1.3%CWE-400CWE-835
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a missing check in the MIFF decoder, a crafted file could cause an infinite loop resulting in CPU exhaustion. Versions 7.1.2.23 and 6.9.13-48 fix the issue.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
ImageMagick · ImageMagick
public PoCs found1
exploitdbwww.exploit-db.com/exploits/52595unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7gg8-qqx7-92g5