ImageMagick Heap Information Disclosure Vulnerability in PSD Format Handler

Vulnerability

A heap information disclosure vulnerability has been identified in ImageMagick's PSD format handler, affecting versions prior to 7.1.2-15 and 6.9.13-40. The vulnerability arises when the software processes a maliciously crafted PSD file that contains ZIP-compressed layer data. If the decompressed data is smaller than expected, uninitialized heap memory is leaked into the output image. This flaw could lead to the unauthorized exposure of sensitive data from server memory.
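A simplified C model of the flaw described above, added here as an illustration; it is not ImageMagick source code or its patch. `decode_stub`, the two `read_layer_*` functions and the 0xAA marker are hypothetical, and a marker-filled array stands in for a recycled heap chunk so the result is deterministic.

```c
#include <stdio.h>
#include <string.h>

#define STALE 0xAA /* constructed marker standing in for leftover heap bytes */

/* Hypothetical stand-in for the ZIP decoder: returns the bytes actually produced. */
static size_t decode_stub(const unsigned char *in, size_t n, unsigned char *out, size_t cap)
{
    if (n > cap) n = cap;
    memcpy(out, in, n);
    return n;
}

/* Flawed pattern: the produced length is ignored, so a short stream leaves stale bytes in the tail. */
static int read_layer_unchecked(const unsigned char *in, size_t n, unsigned char *px, size_t want)
{
    (void)decode_stub(in, n, px, want);
    return 0;
}

/* Hardened pattern: a short stream is an error, and the buffer is cleared before any use. */
static int read_layer_checked(const unsigned char *in, size_t n, unsigned char *px, size_t want)
{
    if (decode_stub(in, n, px, want) != want) {
        memset(px, 0, want);
        return -1;
    }
    return 0;
}

/* Runs one reader on a 4-byte stream for a 16-byte layer; returns the stale bytes left behind. */
static size_t stale_bytes_after(int hardened, int *status)
{
    const unsigned char stream[4] = {1, 2, 3, 4}; /* constructed short stream */
    unsigned char px[16];
    size_t i, stale = 0;
    memset(px, STALE, sizeof px); /* simulate a recycled heap chunk */
    *status = (hardened ? read_layer_checked : read_layer_unchecked)(stream, 4, px, 16);
    for (i = 0; i < sizeof px; i++)
        stale += (px[i] == STALE);
    return stale;
}

int main(void)
{
    int a, b;
    printf("stale bytes: unchecked=%zu checked=%zu\n", stale_bytes_after(0, &a), stale_bytes_after(1, &b));
    return 0;
}
```

In the unchecked path the reader reports success while 12 of the 16 layer bytes were never written by the decoder; the checked path rejects the short stream and leaves nothing stale to encode.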

Impact

Exploitation of this vulnerability results in the leakage of uninitialized heap memory into the output image, potentially disclosing sensitive information from server memory.

Remediation

Users can upgrade to ImageMagick versions 7.1.2-15 or 6.9.13-40 to address this vulnerability.

Added: Feb 24, 2026, 1:22 AM
Updated: Feb 24, 2026, 1:22 AM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 0.6
exploitability: 2.9
remediation: 7.7
relevance: 3.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.