{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23874", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-01-16T21:02:02.900Z", "datePublished": "2026-01-20T00:52:52.916Z", "dateUpdated": "2026-01-20T21:43:48.227Z"}, "containers": {"cna": {"title": "ImageMagick's MSL: Stack overflow via infinite recursion in ProcessMSLScript", "problemTypes": [{"descriptions": [{"cweId": "CWE-835", "lang": "en", "description": "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9vj4-wc7r-p844", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9vj4-wc7r-p844"}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"version": "< 7.1.2-13", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-20T00:52:52.916Z"}, "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a stack overflow via infinite recursion in MSL (Magick Scripting Language) `<write>` command when writing to MSL format. Version 7.1.2-13 fixes the issue."}], "source": {"advisory": "GHSA-9vj4-wc7r-p844", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-20T21:37:11.270727Z", "id": "CVE-2026-23874", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-20T21:43:48.227Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-23874", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-20T21:37:11.270727Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-20T21:40:47.893Z"}}], "cna": {"title": "ImageMagick's MSL: Stack overflow via infinite recursion in ProcessMSLScript", "source": {"advisory": "GHSA-9vj4-wc7r-p844", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"status": "affected", "version": "< 7.1.2-13"}]}], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9vj4-wc7r-p844", "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9vj4-wc7r-p844", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a stack overflow via infinite recursion in MSL (Magick Scripting Language) `<write>` command when writing to MSL format. Version 7.1.2-13 fixes the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-835", "description": "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-20T00:52:52.916Z"}}}, "cveMetadata": {"cveId": "CVE-2026-23874", "state": "PUBLISHED", "dateUpdated": "2026-01-20T21:43:48.227Z", "dateReserved": "2026-01-16T21:02:02.900Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-01-20T00:52:52.916Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4F0ED35-C455-412F-860C-5B3A9371E882", "versionEndExcluding": "7.1.2-13", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a stack overflow via infinite recursion in MSL (Magick Scripting Language) `<write>` command when writing to MSL format. Version 7.1.2-13 fixes the issue."}], "id": "CVE-2026-23874", "lastModified": "2026-01-29T13:57:07.867", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-01-20T01:15:57.300", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9vj4-wc7r-p844"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "ImageMagick: ImageMagick: Denial of Service via infinite recursion in MSL <write> command", "id": "2431034", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431034"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-835", "details": ["A flaw was found in ImageMagick. A local user could exploit this vulnerability by providing a specially crafted Magick Scripting Language (MSL) file. This file, when processed, could trigger infinite recursion within the `<write>` command, leading to a stack overflow. Successful exploitation results in a Denial of Service (DoS) condition, making the application unavailable."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, restrict ImageMagick's ability to process Magick Scripting Language (MSL) files. This can be achieved by adding a policy entry to disable the MSL coder. Create or modify the ImageMagick policy file (e.g., `/etc/ImageMagick-7/policy.xml` or `/etc/ImageMagick/policy.xml`) to include the following line within the `<policymap>` tags:\n```xml\n<policy domain=\"coder\" rights=\"none\" pattern=\"MSL\" />\n```\nAfter modifying the policy file, services or applications that use ImageMagick may need to be restarted for the changes to take effect. This may impact functionality that relies on processing MSL files."}, "name": "CVE-2026-23874", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2026-01-20T00:52:52Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23874\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23874\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9vj4-wc7r-p844"], "statement": "This vulnerability is rated Moderate for Red Hat products. It affects ImageMagick, where a stack overflow can occur due to infinite recursion when processing a specially crafted Magick Scripting Language (MSL) file. Exploitation requires an attacker to provide a malicious MSL file to a user or service that processes image files using ImageMagick in affected versions of Red Hat Enterprise Linux and Community Projects.", "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-18T04:52:58.051239+00:00", "value": {"mitigation_remediation": ["Update ImageMagick to version\u00a07.1.2\u201113 or later to receive the stack\u2011overflow fix.", "If an upgrade is delayed, disable or restrict the `<write>` command in MSL scripts for untrusted users to prevent uncontrolled recursion.", "Remove or disable MSL scripting language support entirely in environments where it is not required."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects all releases of ImageMagick prior to version 7.1.2\u201113. Systems running any of those versions are susceptible when they process MSL scripts, particularly the `<write>` command. The fix was implemented in ImageMagick\u00a07.1.2\u201113, which terminates recursion safely. Users of earlier releases should verify their installed version and upgrade if necessary.", "description_and_impact": "ImageMagick, a widely used open\u2011source image manipulation library, contains a stack overflow flaw in its Magick Scripting Language (MSL). The issue arises when the `<write>` command is invoked in MSL scripts that trigger infinite recursion. The resulting overflow can cause the process to crash or consume excessive stack memory, leading to a denial\u2011of\u2011service condition. This weakness is identified as CWE\u2011835, indicating uncontrolled recursion or iteration.", "risk_and_exploitability": "The CVSS v3.1 score for this flaw is 5.5, placing it in the moderate severity tier. The EPSS score is reported as less than 1\u202f%, indicating a very low probability of exploitation at present. ImageMagick has not been listed in the CISA Known Exploited Vulnerabilities catalog, suggesting no confirmed active exploitation. The likely attack vector involves an attacker supplying a malicious MSL file or command to a system that processes images with ImageMagick; the recursion could be triggered locally or remotely, depending on how the library is invoked in the application stack."}}}}, "created": "2026-01-20T08:40:02.528867+00:00", "updated": "2026-04-18T05:00:06.033435+00:00", "vendors": ["imagemagick", "imagemagick$PRODUCT$imagemagick"]}