CVE-2026-26283— ImageMagick has possible infinite loop in JPEG encoder when using `jpeg:extent`
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-26283
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ImageMagick has possible infinite loop in JPEG encoder when using `jpeg:extent`
Source: NVD (National Vulnerability Database)
Vulnerability Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a `continue` statement in the JPEG extent binary search loop in the jpeg encoder causes an infinite loop when writing persistently fails. An attacker can trigger a 100% CPU consumption and process hang (Denial of Service) with a crafted image. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
不可达退出条件的循环(无限循环)
Source: NVD (National Vulnerability Database)
Vulnerability Title
ImageMagick 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ImageMagick是ImageMagick开源的一套开源的图像处理软件。可读取、转换或写入多种格式的图片。 ImageMagick 7.1.2-15之前版本和6.9.13-40之前版本存在安全漏洞,该漏洞源于JPEG编码器中的continue语句在处理特制图像时可能导致无限循环,造成CPU消耗100%和进程挂起。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| ImageMagick | ImageMagick | >= 7.0.0, < 7.1.2-15 | - |
II. Public POCs for CVE-2026-26283
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-26283
请登录查看更多情报信息。
Same Patch Batch · ImageMagick · 2026-02-24 · 32 CVEs total
| CVE-2026-25965 | 8.6 HIGH | ImageMagick's policy bypass through path traversal allows reading restricted content despi |
| CVE-2026-25794 | 8.2 HIGH | ImageMagick has heap-buffer-overflow via signed integer overflow in `WriteUHDRImage` when |
| CVE-2026-24481 | 7.5 HIGH | ImageMagick has Possible Heap Information Disclosure in PSD ZIP Decompression |
| CVE-2026-25989 | 7.5 HIGH | ImageMagick has integer overflow or wraparound and incorrect conversion between numeric ty |
| CVE-2026-25985 | 7.5 HIGH | Memory allocation with excessive without limits in the internal SVG decoder |
| CVE-2026-24485 | 7.5 HIGH | ImageMagick: Infinite loop vulnerability when parsing a PCD file |
| CVE-2026-25968 | 7.4 HIGH | ImageMagick has MSL attribute stack buffer overflow that leads to out of bounds write. |
| CVE-2026-25967 | 7.4 HIGH | ImageMagick has stack buffer overflow in FTXT reader via oversized integer field |
| CVE-2026-26284 | 6.5 MEDIUM | ImageMagick has heap overflow in pcd decoder that leads to out of bounds read. |
| CVE-2026-25897 | 6.5 MEDIUM | ImageMagick has heap overflow in sun decoder on 32-bit systems that can result in out of b |
| CVE-2026-25898 | 6.5 MEDIUM | Imagemagick Has Global Buffer Overflow (OOB Read) via Negative Pixel Index in UIL and XPM |
| CVE-2026-25982 | 6.5 MEDIUM | ImageMagick Has Heap Out-of-Bounds Read in DCM Decoder (ReadDCMImage) |
| CVE-2026-26066 | 6.2 MEDIUM | ImageMagick has infinite loop when writing IPTCTEXT leads to denial of service via crafted |
| CVE-2026-25971 | 6.2 MEDIUM | ImageMagick's MSL: Stack overflow in ProcessMSLScript |
| CVE-2026-25966 | 5.9 MEDIUM | ImageMagick's Security Policy Bypass through config/policy-secure.xml via "fd handler" lea |
| CVE-2026-25797 | 5.7 MEDIUM | ImageMagick vulnerable to Code injection via PostScript header in ps coders |
| CVE-2026-25987 | 5.3 MEDIUM | ImageMagick has heap buffer over-read in MAP image decoder |
| CVE-2026-26983 | 5.3 MEDIUM | ImageMagick: Invalid MSL <map> can result in a use after free |
| CVE-2026-24484 | 5.3 MEDIUM | ImageMagick: Converting multi-layer nested MVG to SVG can cause DoS |
| CVE-2026-25986 | 5.3 MEDIUM | ImageMagick has a heap buffer overflow in YUV 4:2:2 decoder |
Showing top 20 of 32 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: ImageMagick
- CVE-2026-40312
ImageMagick: Off-by-One in MSL decoder could result in crash - CVE-2026-40311
ImageMagick: Heap-use-after-free via XMP profile could resul - CVE-2026-40310
ImageMagick: Heap out-of-bounds write in JP2 encoder - CVE-2026-40183
ImageMagick: Heap buffer overflow when encoding JXL image wi - CVE-2026-40169
ImageMagick: Heap buffer overflow (WRITE) in the YAML and JS
Same vendor: ImageMagick
- CVE-2026-40312
ImageMagick: Off-by-One in MSL decoder could result in crash - CVE-2026-40311
ImageMagick: Heap-use-after-free via XMP profile could resul - CVE-2026-40310
ImageMagick: Heap out-of-bounds write in JP2 encoder - CVE-2026-40183
ImageMagick: Heap buffer overflow when encoding JXL image wi - CVE-2026-40169
ImageMagick: Heap buffer overflow (WRITE) in the YAML and JS
Same weakness: CWE-835
- CVE-2026-42310
Pillow: PDF Parsing Trailer Infinite Loop (DoS) - CVE-2026-41511
OpenMcdf has an Infinite loop DoS via crafted CFB directory - CVE-2026-5407
Loop with Unreachable Exit Condition ('Infinite Loop') in Wi - CVE-2026-6536
Loop with Unreachable Exit Condition ('Infinite Loop') in Wi - CVE-2026-6534
Loop with Unreachable Exit Condition ('Infinite Loop') in Wi
V. Comments for CVE-2026-26283
No comments yet