ImageMagick Infinite Loop Vulnerability in PCD File Processing Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in ImageMagick versions prior to 7.1.2-15 and 6.9.13-40. The issue arises in the PCD file decoder, where the DecodeImage() function can enter an infinite loop if the file lacks a valid Sync marker. This loop causes the application to become unresponsive, excessively consume CPU resources, and ultimately exhaust system resources.

Impact

Exploitation of this vulnerability leads to an infinite loop condition, causing the application to become unresponsive and consume excessive CPU resources. This behavior can exhaust system resources, potentially leading to a denial-of-service condition.

Remediation

Users can upgrade to ImageMagick versions 7.1.2-15 or 6.9.13-40 to address this vulnerability.
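A version check for the remediation above, as an added example that is not part of the original advisory: it parses the banner printed by `magick -version` (or `convert -version` on 6.x installs) and compares it with the two fixed releases. The function names and the sample banner are constructed for illustration. Distribution packages that backport fixes keep an older banner, so the package changelog decides in that case.

```python
import re
import shutil
import subprocess

# Fixed releases stated in the advisory, keyed by major branch.
FIXED = {7: (7, 1, 2, 15), 6: (6, 9, 13, 40)}

# Matches e.g. "Version: ImageMagick 7.1.1-43 Q16-HDRI x86_64 ..."
_BANNER = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(banner):
    """Return (major, minor, micro, patch) from version banner text, or None."""
    m = _BANNER.search(banner)
    return tuple(int(g) for g in m.groups()) if m else None


def status(banner):
    """Classify a banner as 'vulnerable', 'fixed' or 'unknown'."""
    v = parse_version(banner)
    if v is None or v[0] not in FIXED:
        return "unknown"  # not ImageMagick 6.x/7.x, or unparseable output
    # Compare only against the fixed release of the same major branch.
    return "vulnerable" if v < FIXED[v[0]] else "fixed"


def installed_banner():
    """Return the local banner, trying the 7.x then the 6.x command name."""
    for tool in ("magick", "convert"):
        path = shutil.which(tool)
        if path:
            out = subprocess.run([path, "-version"], capture_output=True,
                                 text=True, timeout=10)
            return out.stdout
    return ""


if __name__ == "__main__":
    # Constructed sample banner, used when ImageMagick is not installed.
    sample = "Version: ImageMagick 6.9.13-39 Q16 x86_64 https://imagemagick.org"
    banner = installed_banner() or sample
    print(parse_version(banner), status(banner))
```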

Added: Feb 24, 2026, 1:21 AM
Updated: Feb 24, 2026, 1:21 AM

Vulnerability Rating

Custom Algorithm
spread: 7.8
impact: 2.5
exploitability: 5.0
remediation: 7.7
relevance: 3.1
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.