CVE-2026-24484
MEDIUM WAF: Medium
CVSS 5.3
Published: 2026-02-24
CWE-400
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
WAF Coverage Analysis
Uncontrolled Resource Consumption
Medium WAF Coverage
OWASP: A05:2021 Security Misconfiguration
912xxx - DOS Protection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | up to 6.9.13-40 |
| imagemagick | imagemagick | 7.0.0-0 - 7.1.2-15 |
| dlemstra | magick.net | up to 14.10.3 |
References
- github.com (Patch)
- github.com (Vendor Advisory)
- github.com (Product, Release Notes)