7.5

CVE-2026-23952

Exploit

EPSS 0.02%
Veröffentlicht 22.01.2026 00:32:52
Zuletzt bearbeitet 27.02.2026 15:35:07
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

ImageMagick has a NULL pointer dereference in MSL parser via <comment> tag before image load

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing <comment> tags before images are loaded. This can lead to DoS attack due to assertion failure (debug builds) or NULL pointer dereference (release builds). This issue is fixed in version 14.10.2.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 3 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Imagemagick ≫ Imagemagick Version < 6.9.13-38

Imagemagick ≫ Imagemagick Version >= 7.0.0-0 < 7.1.2-13

Dlemstra ≫ Magick.Net Version < 14.10.2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.055

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8

Vendor Advisory

Exploit

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2

Product

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2026-23952

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23952

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23952

EUVD