PatchSiren cyber security CVE debrief
CVE-2026-46522 ImageMagick CVE debrief
CVE-2026-46522 is a high-severity vulnerability in ImageMagick, free and open-source software for editing and manipulating digital images. A missing check in the MIFF decoder allows a crafted file to cause an infinite loop, resulting in CPU exhaustion. The CVSS score is 7.5 (HIGH). Versions of ImageMagick prior to 7.1.2.23 and 6.9.13-48 are affected; the issue is fixed in 7.1.2.23 and 6.9.13-48.
- Vendor: ImageMagick
- Product: Unknown
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-10
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-10
- Advisory updated: 2026-06-11
Who should care
Users of ImageMagick, especially those who process untrusted images, should update to the fixed versions (7.1.2.23 or 6.9.13-48) to prevent potential CPU exhaustion attacks.
Technical summary
The vulnerability exists in the MIFF decoder of ImageMagick. A crafted MIFF file can cause an infinite loop, leading to CPU exhaustion. The issue is addressed in ImageMagick versions 7.1.2.23 and 6.9.13-48.
Defensive priority
High
Recommended defensive actions
- Update ImageMagick to version 7.1.2.23 or 6.9.13-48, or later.
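To confirm whether a host still runs an affected build, the version banner can be compared against the fixed releases named above. The Python below is an added example, not part of the original debrief or of ImageMagick; the function names and sample banners are constructed, and it assumes the banner format printed by `magick -version` (7.x) or `convert -version` (6.x).

```python
import re
import shutil
import subprocess

# Fixed releases as stated in the debrief, keyed by major version.
# The page writes "7.1.2.23"; version banners print the patch level after a
# hyphen (e.g. "7.1.1-15"), so both separators are accepted when parsing.
FIXED = {7: (7, 1, 2, 23), 6: (6, 9, 13, 48)}

_VERSION_RE = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)[-.](\d+)")


def parse_version(banner):
    """Return (major, minor, micro, patch) from a version banner, or None."""
    match = _VERSION_RE.search(banner)
    return tuple(int(part) for part in match.groups()) if match else None


def assess(banner):
    """Classify a banner as 'fixed', 'vulnerable' or 'unknown'."""
    version = parse_version(banner)
    if version is None or version[0] not in FIXED:
        # Unparseable banner, or a release line the debrief does not cover.
        return "unknown"
    # Compare numerically: as strings, "6.9.13-5" would sort after "6.9.13-48".
    return "fixed" if version >= FIXED[version[0]] else "vulnerable"


def local_banner():
    """Return the installed ImageMagick banner, or '' if no binary is found."""
    for tool in ("magick", "convert"):
        path = shutil.which(tool)
        if path:
            result = subprocess.run([path, "-version"], capture_output=True,
                                    text=True, timeout=10)
            return result.stdout
    return ""


if __name__ == "__main__":
    # Constructed sample banners, followed by the local installation if any.
    samples = [
        "Version: ImageMagick 7.1.1-15 Q16-HDRI x86_64 https://imagemagick.org",
        "Version: ImageMagick 6.9.13-5 Q16 x86_64 https://legacy.imagemagick.org",
        "Version: ImageMagick 7.1.2-23 Q16-HDRI x86_64 https://imagemagick.org",
    ]
    for banner in samples + [local_banner()]:
        print(assess(banner), "<-", banner.splitlines()[0] if banner else "(none)")
```

Distribution packages sometimes backport fixes without changing the upstream version number, so a "vulnerable" result on a packaged build should be checked against the distributor's own advisory.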
Evidence notes
CVE-2026-46522 was published on 2026-06-10 and modified on 2026-06-11. The vulnerability affects ImageMagick versions prior to 7.1.2.23 and 6.9.13-48.
Official resources
- CVE-2026-46522 CVE record (CVE.org)
- CVE-2026-46522 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: [email protected] - Vendor Advisory
CVE-2026-46522 was published on 2026-06-10T22:16:59.333Z and modified on 2026-06-11T18:41:56.037Z.