Heap Information Disclosure Vulnerability in ImageMagick Software
CVE-2026-24481
7.5 HIGH
What is CVE-2026-24481?
A vulnerability exists in the PSD format handler of ImageMagick versions prior to 7.1.2-15 and 6.9.13-40. An attacker can supply a maliciously crafted PSD file whose ZIP-compressed layer data decompresses to an unexpected size, which can leak uninitialized heap memory into the output image. The issue is patched in versions 7.1.2-15 and 6.9.13-40.
Affected Version(s)
ImageMagick >= 7.0.0, < 7.1.2-15
ImageMagick < 6.9.13-40
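
To check hosts against the ranges above, the following added example (not part of the advisory or of ImageMagick) classifies a `-version` banner as affected or fixed. The function names and sample banners are constructed for illustration, and the banner layout `ImageMagick X.Y.Z-N` is assumed.

```python
import re
import shutil
import subprocess

# Fixed releases named in the advisory for CVE-2026-24481.
FIXED_7 = (7, 1, 2, 15)
FIXED_6 = (6, 9, 13, 40)

# Version token as printed by `magick -version`, e.g. "ImageMagick 7.1.1-47 Q16-HDRI".
VERSION_RE = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(banner):
    """Return (major, minor, patch, build) as ints, or None if absent."""
    m = VERSION_RE.search(banner)
    return tuple(int(g) for g in m.groups()) if m else None


def classify(banner):
    """Map a version banner to 'affected', 'fixed' or 'unknown'."""
    v = parse_version(banner)
    if v is None:
        return "unknown"
    # Integer tuples compare numerically, so 7.1.10-2 sorts after 7.1.2-15.
    if v >= (7, 0, 0, 0):
        return "affected" if v < FIXED_7 else "fixed"
    # Anything below 7.0.0 is judged against the 6.x fix, per the advisory range.
    return "affected" if v < FIXED_6 else "fixed"


def local_banner():
    """Return the first line of the installed tool's -version output, or ''."""
    for tool in ("magick", "convert"):
        path = shutil.which(tool)
        if path:
            out = subprocess.run([path, "-version"], capture_output=True, text=True)
            return out.stdout.splitlines()[0] if out.stdout else ""
    return ""


if __name__ == "__main__":
    # Constructed sample banners, followed by whatever is installed locally.
    samples = [
        "Version: ImageMagick 7.1.1-47 Q16-HDRI x86_64",
        "Version: ImageMagick 7.1.2-15 Q16-HDRI x86_64",
        "Version: ImageMagick 6.9.13-39 Q16 x86_64",
    ]
    for banner in samples + [local_banner()]:
        print(classify(banner), "|", banner or "(ImageMagick not found)")
```

A distribution package may carry a backported fix under an older upstream version number, so an "affected" result on a packaged build should be confirmed against the vendor's own advisory.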