HIGH 7.5 NuGet
ImageMagick has a Stack Overflow in DestroyXMLTree()
GHSA-fwvm-ggf6-2p4x · CVE-2026-33908
Published · Modified
Description
ImageMagick frees the memory of an XML tree via the DestroyXMLTree function; however, this function runs recursively with no depth limit imposed. When magick processes an XML file with deeply nested structures, the recursion exhausts stack memory, resulting in a denial of service (DoS).
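The unbounded recursion described above, set beside an iterative teardown that uses constant stack. This is an added example, not ImageMagick's code and not the upstream fix; the `Node` type, the function names and the nested input are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical simplified node (an assumption), not ImageMagick's own type. */
typedef struct Node { struct Node *child, *sibling; } Node;

/* Pattern the advisory describes: one stack frame per nesting level. */
size_t destroy_recursive(Node *n) {
  size_t freed = 0;
  while (n != NULL) {
    Node *next = n->sibling;
    freed += 1 + destroy_recursive(n->child); /* depth == XML nesting depth */
    free(n);
    n = next;
  }
  return freed;
}

/* Iterative form: splice children ahead of siblings; stack use is constant. */
size_t destroy_iterative(Node *work) {
  size_t freed = 0;
  while (work != NULL) {
    Node *n = work, *tail = n->child;
    work = n->sibling;
    if (tail != NULL) {
      while (tail->sibling != NULL) tail = tail->sibling;
      tail->sibling = n->sibling; /* last child now leads to n's siblings */
      work = n->child;
    }
    free(n);
    freed++;
  }
  return freed;
}

/* Constructed input: `depth` nested elements, like <a><a>...</a></a>. */
Node *build_nested(size_t depth) {
  Node *root = NULL, *n;
  while (depth-- > 0) {
    if ((n = calloc(1, sizeof(*n))) == NULL) abort();
    n->child = root;
    root = n;
  }
  return root;
}

int main(void) {
  printf("freed %zu nodes\n", destroy_iterative(build_nested(1000000)));
  return 0;
}
```

The recursive form's stack use grows with the nesting depth of the input, while the iterative form's does not, so only the latter is safe to run on the million-level chain.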
References
- WEB https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwvm-ggf6-2p4x
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2026-33908
- WEB https://github.com/ImageMagick/ImageMagick/commit/ccdc01180276aa2cb3d4a32a611aa4f417061cd8
- PACKAGE https://github.com/ImageMagick/ImageMagick
- WEB https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19
- WEB https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0