CVE-2026-23874
Vulnerability
ImageMagick: Denial of Service via infinite recursion in MSL `<write>` command
ecosystem: redhat:6, redhat:7
A flaw was found in ImageMagick. A local user could exploit this vulnerability by providing a specially crafted Magick Scripting Language (MSL) file. This file, when processed, could trigger infinite recursion within the `<write>` command, leading to a stack overflow. Successful exploitation results in a Denial of Service (DoS) condition, making the application unavailable.
References
- secalert@redhat.com: https://access.redhat.com/security/cve/CVE-2026-23874
- secalert@redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2431034
- secalert@redhat.com: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9vj4-wc7r-p844
- secalert@redhat.com: https://nvd.nist.gov/vuln/detail/CVE-2026-23874
- secalert@redhat.com: https://www.cve.org/CVERecord?id=CVE-2026-23874
type: vendor
source: secalert@redhat.com
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
| Metric | Value |
|---|---|
| AV | Local |
| AC | Low |
| PR | Low |
| UI | None |
| S | Not Changed |
| C | None |
| I | None |
| A | High |
source: secalert@redhat.com
Loop with Unreachable Exit Condition ('Infinite Loop')
source: secalert@redhat.com
published: 2026-01-20 00:52:52
modified: 2026-01-20 03:46:02
Detection
redhat-vex
OR
- ImageMagick (package type: binary)
- ImageMagick-c++ (package type: binary)
- ImageMagick-c++-devel (package type: binary)
- ImageMagick-devel (package type: binary)
- ImageMagick-doc (package type: binary)
- ImageMagick-perl (package type: binary)
- ImageMagick (package type: source)
tag: rhel-6-els:bed973f4-9cfe-9d6b-4efd-5501f715a543
OR
- ImageMagick (package type: binary)
- ImageMagick-c++ (package type: binary)
- ImageMagick-c++-devel (package type: binary)
- ImageMagick-devel (package type: binary)
- ImageMagick-doc (package type: binary)
- ImageMagick-perl (package type: binary)
- ImageMagick (package type: source)
tag: rhel-6-extras-including-unpatched:bed973f4-9cfe-9d6b-4efd-5501f715a543
OR
- ImageMagick (package type: binary)
- ImageMagick-c++ (package type: binary)
- ImageMagick-c++-devel (package type: binary)
- ImageMagick-devel (package type: binary)
- ImageMagick-doc (package type: binary)
- ImageMagick-perl (package type: binary)
- ImageMagick (package type: source)
tag: rhel-6-including-unpatched:bed973f4-9cfe-9d6b-4efd-5501f715a543
OR
- ImageMagick (package type: binary)
- ImageMagick-c++ (package type: binary)
- ImageMagick-c++-devel (package type: binary)
- ImageMagick-devel (package type: binary)
- ImageMagick-doc (package type: binary)
- ImageMagick-perl (package type: binary)
- ImageMagick (package type: source)
tag: rhel-6-supplementary:bed973f4-9cfe-9d6b-4efd-5501f715a543
redhat-vex
OR
- ImageMagick (package type: binary)
- ImageMagick-c++ (package type: binary)
- ImageMagick-c++-devel (package type: binary)
- ImageMagick-devel (package type: binary)
- ImageMagick-doc (package type: binary)
- ImageMagick-perl (package type: binary)
- ImageMagick (package type: source)
tag: rhel-7-extras-including-unpatched:70e434bb-f93d-f0a0-34a8-8b2bd896644e
OR
- ImageMagick (package type: binary)
- ImageMagick-c++ (package type: binary)
- ImageMagick-c++-devel (package type: binary)
- ImageMagick-devel (package type: binary)
- ImageMagick-doc (package type: binary)
- ImageMagick-perl (package type: binary)
- ImageMagick (package type: source)
tag: rhel-7-including-unpatched:70e434bb-f93d-f0a0-34a8-8b2bd896644e
OR
- ImageMagick (package type: binary)
- ImageMagick-c++ (package type: binary)
- ImageMagick-c++-devel (package type: binary)
- ImageMagick-devel (package type: binary)
- ImageMagick-doc (package type: binary)
- ImageMagick-perl (package type: binary)
- ImageMagick (package type: source)
tag: rhel-7-supplementary:70e434bb-f93d-f0a0-34a8-8b2bd896644e
Data Sources
- RedHat Enterprise Linux CSAF VEX
redhat-vex