CVE-2026-26283: ImageMagick has a possible infinite loop in its JPEG encoder when using `jpeg:extent`
A continue statement in the JPEG extent binary search loop in the jpeg encoder causes an infinite loop when writing persistently fails. An attacker can trigger a 100% CPU consumption and process hang (Denial of Service) with a crafted image.
References
- github.com/ImageMagick/ImageMagick
- github.com/ImageMagick/ImageMagick/commit/c448c6920a985872072fc7be6034f678c087de9b
- github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gwr3-x37h-h84v
- github.com/advisories/GHSA-gwr3-x37h-h84v
- github.com/dlemstra/Magick.NET/releases/tag/14.10.3
- nvd.nist.gov/vuln/detail/CVE-2026-26283
Code Behaviors & Features
Detect and mitigate CVE-2026-26283 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →