40 vulnerabilities in ImageMagick closed
The image editing software ImageMagick is vulnerable in several places. Security patches are available for installation.
Attackers can exploit a total of 40 vulnerabilities in ImageMagick to attack computers. Successful attacks primarily result in DoS conditions and thus crashes. So far, the software's developers have given no indication of ongoing attacks. However, admins should not delay patching for too long.
Various Dangers
This free image editing software is used to create and edit raster and vector graphics. Further information on the vulnerabilities closed in versions 6.9.13-40 and 7.1.2-15 is listed in the security section of the project's GitHub website. Of the 40 resolved security issues, eight are classified as “high” threat level.
For example, errors can occur when processing SVG files in which approximately 674 GB of memory is used, leading to crashes (CVE-2026-25985). Processing PSD files with a ZIP-compressed layer also leads to crashes (CVE-2026-24481). Memory errors often result in DoS conditions, but they can also allow malicious code to get onto systems.
How such attacks could unfold in detail is currently unclear. However, the brief descriptions of the vulnerabilities suggest that victims must open a file prepared by an attacker for an attack to start. In the context of web applications, it is plausible that uploading a prepared file can cause damage.
Other Possible Attacks
The majority of the remaining software vulnerabilities are rated as “medium” threat level. In these cases, attackers can, among other things, also trigger memory errors or drive CPU utilization to 100 percent (CVE-2026-26283, “medium”). Memory leaks can also occur.
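As an added example (not part of the original article or the ImageMagick project), the following Python sketch classifies the output of `magick -version` or `convert -version` against the fixed releases named above, 6.9.13-40 and 7.1.2-15. The sample outputs and function names are constructed for illustration; it assumes upstream version numbering, so distribution packages that backport fixes without changing the upstream version can be reported as vulnerable.

```python
import re
import shutil
import subprocess

# First fixed release per major branch, as stated in the article.
FIXED = {6: (6, 9, 13, 40), 7: (7, 1, 2, 15)}

# Matches the version banner, e.g. "Version: ImageMagick 7.1.2-15 Q16-HDRI ..."
VERSION_RE = re.compile(r"ImageMagick (\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(text):
    """Return (major, minor, patch, build) from -version output, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def status(text):
    """Classify -version output as 'patched', 'vulnerable' or 'unknown'."""
    v = parse_version(text)
    if v is None or v[0] not in FIXED:
        return "unknown"  # no banner found, or a branch the article does not cover
    # Integer tuples compare numerically, so 7.1.10-0 sorts after 7.1.2-15.
    return "patched" if v >= FIXED[v[0]] else "vulnerable"


def installed_version_output():
    """Query the local binary: `magick` (7.x) first, then `convert` (6.x)."""
    for tool in ("magick", "convert"):
        path = shutil.which(tool)
        if path:
            proc = subprocess.run([path, "-version"], capture_output=True,
                                  text=True, timeout=10)
            return proc.stdout
    return ""


# Constructed sample banners (hypothetical hosts, not real inventory data).
SAMPLES = {
    "web-01": "Version: ImageMagick 7.1.2-14 Q16-HDRI x86_64 https://imagemagick.org",
    "web-02": "Version: ImageMagick 7.1.2-15 Q16-HDRI x86_64 https://imagemagick.org",
    "batch-01": "Version: ImageMagick 6.9.13-39 Q16 x86_64 https://imagemagick.org",
}

if __name__ == "__main__":
    for host, banner in SAMPLES.items():
        print(host, status(banner))
    print("local", status(installed_version_output()))
```
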
(des)