CVE-2026-46522
published 2026-06-10
Priority P356 · high · 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EXPLOIT
EPSS: 1.85% (76.4th percentile)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a missing check in the MIFF decoder, a crafted file could cause an infinite loop resulting in CPU exhaustion. Versions 7.1.2.23 and 6.9.13-48 fix the issue.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| imagemagick | imagemagick | < 7.1.2-23 | 7.1.2-23 |
| imagemagick | imagemagick | < 6.9.13-48 | 6.9.13-48 |
| imagemagick | imagemagick | — | — |
| imagemagick | imagemagick | >= 7.0.0-0 < 7.1.2-23 | 7.1.2-23 |
CVSS provenance
nvd · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vendor_redhat · 7.5 HIGH
Red Hat
ImageMagick: ImageMagick: Denial of Service via crafted MIFF file
vendor_redhat·2026-06-10·CVSS 7.5
CVE-2026-46522 [HIGH] CWE-835 ImageMagick: ImageMagick: Denial of Service via crafted MIFF file
A flaw was found in ImageMagick. A remote attacker could provide a specially crafted MIFF (Magick Image File Format) file, which, due to a missing check in the MIFF decoder, would lead to an infinite loop. This vulnerability results in CPU exhaustion, causing a Denial of Service (DoS) for the affected system.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Package: ImageMagick (Red Hat Enterprise Linux 6) - Out of support scope
Package: ImageMagick (Red Hat Enterprise Linux 7) - Affected
GHSA
ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion
ghsa·2026-05-18
CVE-2026-46522 [HIGH] CWE-400 ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion
Due to a missing check in the MIFF decoder a crafted file could cause an infinite loop resulting in CPU exhaustion.
No detection rules found.
Bugzilla
CVE-2026-46522 ImageMagick: ImageMagick: Denial of Service via crafted MIFF file [fedora-all]
bugzilla·2026-06-10·CVSS 7.5
CVE-2026-46522 [HIGH] CVE-2026-46522 ImageMagick: ImageMagick: Denial of Service via crafted MIFF file [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-46522 ImageMagick: ImageMagick: Denial of Service via crafted MIFF file [epel-all]
bugzilla·2026-06-10·CVSS 7.5
CVE-2026-46522 [HIGH] CVE-2026-46522 ImageMagick: ImageMagick: Denial of Service via crafted MIFF file [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-46522 ImageMagick: ImageMagick: Denial of Service via crafted MIFF file
bugzilla·2026-06-10·CVSS 7.5
CVE-2026-46522 [HIGH] CVE-2026-46522 ImageMagick: ImageMagick: Denial of Service via crafted MIFF file
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a missing check in the MIFF decoder, a crafted file could cause an infinite loop resulting in CPU exhaustion. Versions 7.1.2.23 and 6.9.13-48 fix the issue.
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7gg8-qqx7-92g5
https://access.redhat.com/errata/RHSA-2026:32961
https://access.redhat.com/security/cve/CVE-2026-46522
https://bugzilla.redhat.com/show_bug.cgi?id=2487730
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46522.json
Published 2026-06-10