HIGH 7.5 NuGet
ImageMagick has Possible Heap Information Disclosure in PSD ZIP Decompression
GHSA-96pc-27rx-pr36 · CVE-2026-24481
Published · Modified
Description
Description
A heap information disclosure vulnerability exists in ImageMagick's PSD (Adobe Photoshop) format handler. When processing a maliciously crafted PSD file containing ZIP-compressed layer data that decompresses to less than the expected size, uninitialized heap memory is leaked into the output image.
Expected Impact
Information disclosure leading to potential exposure of sensitive data from server memory.
References
- WEB https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-96pc-27rx-pr36
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2026-24481
- WEB https://github.com/ImageMagick/ImageMagick/commit/51c9d33f4770cdcfa1a029199375d570af801c97
- PACKAGE https://github.com/ImageMagick/ImageMagick
- WEB https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
Ready to move
Start Securing
Free, no credit card | First findings in minutes