ByteOS Network

CVE Vulnerability Details :

CVE-2026-24481

PUBLISHED

More Info Official Page

Assigner-GitHub_M

Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa

Published At-24 Feb, 2026 | 00:29

Updated At-26 Feb, 2026 | 14:40

▼CVE Numbering Authority (CNA)

ImageMagick has Possible Heap Information Disclosure in PSD ZIP Decompression

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap information disclosure vulnerability exists in ImageMagick's PSD (Adobe Photoshop) format handler. When processing a maliciously crafted PSD file containing ZIP-compressed layer data that decompresses to less than the expected size, uninitialized heap memory is leaked into the output image. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

Affected Products

Vendor

ImageMagick Studio LLC

Product

ImageMagick

Versions

Affected

>= 7.0.0, < 7.1.2-15
< 6.9.13-40

Problem Types

Type	CWE ID	Description
CWE	CWE-125	CWE-125: Out-of-bounds Read

Type: CWE

CWE ID: CWE-125

Description: CWE-125: Out-of-bounds Read

Metrics

Version	Base score	Base severity	Vector
3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

Hyperlink	Resource
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-96pc-27rx-pr36	x_refsource_CONFIRM

Hyperlink: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-96pc-27rx-pr36

Resource:

x_refsource_CONFIRM

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References