CVE-2026-24485: ImageMagick: Infinite loop vulnerability when parsing a PCD file
When a PCD file does not contain a valid marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service.
References
- github.com/ImageMagick/ImageMagick
- github.com/ImageMagick/ImageMagick/commit/332c1566acc2de77857032d3c2504ead6210ff50
- github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pqgj-2p96-rx85
- github.com/advisories/GHSA-pqgj-2p96-rx85
- github.com/dlemstra/Magick.NET/releases/tag/14.10.3
- nvd.nist.gov/vuln/detail/CVE-2026-24485
Code Behaviors & Features
Detect and mitigate CVE-2026-24485 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →