MEDIUM 5.7 NuGet
ImageMagick: Code Injection via PostScript header in ps coders
GHSA-rw6c-xp26-225v · CVE-2026-25797
Published · Modified
Description
The ps encoders, responsible for writing PostScript files, fails to sanitize the input before writing it into the PostScript header. An attacker can provide a malicious file and inject arbitrary PostScript code. When the resulting file is processed by a printer or a viewer (like Ghostscript), the injected code is interpreted and executed.
The html encoder does not properly escape strings that are written to in the html document. An attacker can provide a malicious file and injection arbitrary html code.
References
- WEB https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rw6c-xp26-225v
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2026-25797
- WEB https://github.com/ImageMagick/ImageMagick/commit/26088a83d71e9daa203d54a56fe3c31f3f85463d
- PACKAGE https://github.com/ImageMagick/ImageMagick
- WEB https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
Ready to move
Start Securing
Free, no credit card | First findings in minutes