Volerion logoVolerion
Volerion logoVolerion

ImageMagick NULL Pointer Dereference Vulnerability in Pixel Cache Cloning

Vulnerability

A NULL pointer dereference vulnerability has been identified in ImageMagick versions prior to 7.1.2-15 and 6.9.13-40. This vulnerability allows remote attackers to cause a denial-of-service by crashing applications linked with ImageMagick, through the use of a specially crafted image file. The issue arises in the ClonePixelCacheRepository function, where improper handling of image data can lead to a crash.

Impact

Exploitation of this vulnerability causes a crash of the application using ImageMagick, leading to a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by using AddressSanitizer to compile ImageMagick. When a crafted image file is processed, the NULL pointer dereference occurs in the ClonePixelCacheRepository function, causing the application to crash.

Remediation

Users can upgrade to ImageMagick versions 7.1.2-15 or 6.9.13-40, where this vulnerability has been patched.

Added: Feb 24, 2026, 2:01 AM
Updated: Feb 24, 2026, 2:01 AM

Vulnerability Rating

Custom Algorithm
spread
7.8
impact
2.5
exploitability
5.0
remediation
7.7
relevance
3.5
threat
1.6
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.