Denial of Service Vulnerability in ImageMagick JPEG Encoder
CVE-2026-26283

6.2MEDIUM

Key Information:

Vendor: Imagemagick
Status: Imagemagick
Vendor: CVE Published:; 24 February 2026

🔔 Create Imagemagick Vulnerability Alert

What is CVE-2026-26283?

A vulnerability in the JPEG encoder of ImageMagick allows for Denial of Service by triggering an infinite loop when the encoder fails to write persistently. This is caused by a flawed 'continue' statement in the binary search loop. An attacker can exploit this flaw using crafted image files, leading to 100% CPU consumption and causing the process to hang. It is crucial for users to upgrade to ImageMagick versions 7.1.2-15 or 6.9.13-40 or later to protect against this issue.

Affected Version(s)

ImageMagick >= 7.0.0, < 7.1.2-15 < 7.0.0, 7.1.2-15

ImageMagick < 6.9.13-40 < 6.9.13-40

References

https://github.com/ImageMagick/ImageMagick/security/advis...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 24, 2026
Vulnerability Reserved
Feb 12, 2026

CVE-2026-26283 Data

JSON