{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23952", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-01-19T14:49:06.312Z", "datePublished": "2026-01-22T00:32:52.908Z", "dateUpdated": "2026-01-22T21:43:42.939Z"}, "containers": {"cna": {"title": "ImageMagick has a NULL pointer dereference in MSL parser via <comment> tag before image load", "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "lang": "en", "description": "CWE-476: NULL Pointer Dereference", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8"}, {"name": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2", "tags": ["x_refsource_MISC"], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2"}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"version": "< 14.10.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-22T00:32:52.908Z"}, "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing <comment> tags before images are loaded. This can lead to DoS attack due to assertion failure (debug builds) or NULL pointer dereference (release builds). This issue is fixed in version 14.10.2."}], "source": {"advisory": "GHSA-5vx3-wx4q-6cj8", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-22T21:43:24.800726Z", "id": "CVE-2026-23952", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-22T21:43:42.939Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-23952", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-22T21:43:24.800726Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-22T21:43:31.530Z"}}], "cna": {"title": "ImageMagick has a NULL pointer dereference in MSL parser via <comment> tag before image load", "source": {"advisory": "GHSA-5vx3-wx4q-6cj8", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"status": "affected", "version": "< 14.10.2"}]}], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8", "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2", "name": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing <comment> tags before images are loaded. This can lead to DoS attack due to assertion failure (debug builds) or NULL pointer dereference (release builds). This issue is fixed in version 14.10.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-22T00:32:52.908Z"}}}, "cveMetadata": {"cveId": "CVE-2026-23952", "state": "PUBLISHED", "dateUpdated": "2026-01-22T21:43:42.939Z", "dateReserved": "2026-01-19T14:49:06.312Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-01-22T00:32:52.908Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5479E5D-F05A-4418-9D2B-12523B300E2C", "versionEndExcluding": "6.9.13-38", "vulnerable": true}, {"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "F658C5B2-8A54-42DB-88AB-FB7D5FE1712C", "versionEndExcluding": "7.1.2-13", "versionStartIncluding": "7.0.0-0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dlemstra:magick.net:*:*:*:*:*:*:*:*", "matchCriteriaId": "016CE8C8-345A-46C9-8E07-6B8E94D3D2FF", "versionEndExcluding": "14.10.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing <comment> tags before images are loaded. This can lead to DoS attack due to assertion failure (debug builds) or NULL pointer dereference (release builds). This issue is fixed in version 14.10.2."}], "id": "CVE-2026-23952", "lastModified": "2026-02-27T15:35:07.890", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-01-22T01:15:52.790", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8"}, {"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "ImageMagick: ImageMagick: Denial of Service via processing of MSL comment tags", "id": "2431905", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431905"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, users should avoid processing untrusted or specially crafted MSL (Magick Scripting Language) files with ImageMagick. Restricting the sources of MSL files and ensuring that ImageMagick only processes trusted input can reduce the risk of exploitation. If ImageMagick is used in an automated pipeline, consider implementing sandboxing mechanisms to limit the impact of potential denial-of-service attacks."}, "name": "CVE-2026-23952", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2026-01-22T00:32:52Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23952\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23952\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8\nhttps://github.com/dlemstra/Magick.NET/releases/tag/14.10.2"], "statement": "This vulnerability is rated Moderate for Red Hat products. A NULL pointer dereference flaw exists in ImageMagick's MSL parser when processing <comment> tags before image loading. This could allow an attacker to cause a Denial of Service (DoS) by providing a specially crafted image file. This affects ImageMagick versions 14.10.1 and below, as shipped in various Red Hat products including EPEL and Red Hat Enterprise Linux Extended Life Cycle Support (ELS) releases.", "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-18T18:58:58.115185+00:00", "value": {"mitigation_remediation": ["Upgrade ImageMagick to version 14.10.2 or later.", "Upgrade the Magick.NET .NET wrapper to version 14.10.2 or later.", "If an upgrade is not immediately possible, sanitise incoming image files to remove or escape <comment> tags before processing with ImageMagick."], "summary": {"action": "Apply patch", "impact": "Denial of Service via NULL pointer dereference"}, "threat_synthesis": {"affected_systems": "Affected products include the ImageMagick software itself and the Magick.NET .NET wrapper. Versions 14.10.1 and earlier are vulnerable; the flaw is addressed in ImageMagick 14.10.2 and the corresponding Magick.NET 14.10.2 release. No other products or versions are identified in the current advisory.", "description_and_impact": "ImageMagick, a widely used open\u2011source image manipulation library, contains a NULL pointer dereference flaw in the Magick Scripting Language parser. The issue is triggered when a <comment> tag is parsed before an image is loaded, causing an assertion failure in debug builds or a NULL dereference in release builds. The resulting crash can interrupt services that rely on ImageMagick or its .NET bindings, effectively creating a denial\u2011of\u2011service vulnerability. The weakness is classified as CWE\u2011476 (NULL Pointer Dereference).", "risk_and_exploitability": "The vulnerability received a CVSS score of 6.5, indicating moderate severity, while the EPSS score is below 1\u202f%, pointing to a low exploitation probability. It is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attacker would need to supply a crafted image file that contains a <comment> tag before the image data. This typically implies a local or privileged context unless the target application allows remote image uploads. Given the current metrics, the risk is moderate but still warrants timely mitigation."}}}}, "created": "2026-01-22T10:07:59.726134+00:00", "updated": "2026-04-18T19:00:08.049298+00:00", "vendors": ["imagemagick", "imagemagick$PRODUCT$imagemagick"]}