Primary

Context

ImageMagick Heap Use-After-Free Vulnerability in MSL Decoder

Vulnerability

Patched

A heap-use-after-free vulnerability has been identified in ImageMagick versions prior to 7.1.2-15 and 6.9.13-40. This vulnerability is triggered by a crafted MSL script, which causes the operation element handler to replace and free an image while the parser continues to read from it. This leads to a use-after-free condition in the ReadBlobString function during subsequent parsing.

Impact

Exploitation of this vulnerability creates a heap-use-after-free condition, which can potentially be exploited to execute arbitrary code or cause a denial-of-service.

Remediation

Users can upgrade to ImageMagick versions 7.1.2-15 or 6.9.13-40 to address this vulnerability.

Added: Feb 24, 2026, 2:19 AM

Updated: Feb 24, 2026, 2:19 AM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

0.6

exploitability

4.3

remediation

7.7

relevance

3.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

0.6

exploitability

4.3

remediation

7.7

relevance

3.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ImageMagick Heap Use-After-Free Vulnerability in MSL Decoder

Vulnerability

Impact

Remediation

Affected Products

ImageMagick

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating