Platform: imagemagick
Component: imagemagick
Fixed in: 7.0.1, 6.9.14
CVE-2026-25797 describes a code injection vulnerability in ImageMagick, a widely used image processing library. An attacker can inject malicious PostScript code into image files processed by ImageMagick, leading to arbitrary code execution when the file is opened by a viewer or printer. This vulnerability affects versions 7.0.0 through 7.1.1 and has been resolved in version 7.1.2-15.
Successful exploitation of CVE-2026-25797 allows an attacker to execute arbitrary code on the system processing the malicious image file. This could involve gaining control of the server, stealing sensitive data, or installing malware. The attack vector involves crafting a specially designed image file that, when processed by ImageMagick, injects PostScript code into the file's header. This injected code is then executed by the PostScript interpreter (e.g., Ghostscript) when the file is viewed or printed. The blast radius extends to any system that processes images created with the vulnerable ImageMagick version, including print servers, web servers serving images, and individual workstations.
CVE-2026-25797 was publicly disclosed on February 24, 2026. Currently, no public proof-of-concept exploits are widely available, but the vulnerability's nature suggests a moderate probability of exploitation (medium EPSS score). It's crucial to prioritize patching due to the potential for remote code execution. Monitor security advisories and threat intelligence feeds for any signs of active exploitation campaigns.
Systems running ImageMagick 7.0.0 through 7.1.1 are at risk, particularly those used in web applications, print servers, and automated image processing pipelines. Shared hosting environments where users can upload images are also at increased risk, as they may be vulnerable to malicious file uploads.
• linux / server:
  find /usr/local/bin /opt/homebrew/bin -name 'magick' -print0 | xargs -0 file
• generic web:
  curl -I https://example.com/image.ps | grep -i 'postscript'
Disclosure
Exploit status
EPSS: 0.02% (6th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-25797 is to upgrade ImageMagick to version 7.1.2-15 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. These may include restricting file uploads to trusted sources, validating image file types rigorously, and using a Web Application Firewall (WAF) to filter potentially malicious PostScript code. Monitor ImageMagick logs for unusual activity or errors related to PostScript processing. After upgrading, confirm the fix by attempting to process a known malicious image file and verifying that the code injection is prevented.
Update ImageMagick to version 7.1.2-15 or later, or to version 6.9.13-40 or later. This fixes the code injection vulnerability in the PostScript coders and the HTML injection vulnerability. The update can be applied through the system's package manager or by downloading the latest version from the official website.
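As an added example (not from this advisory or the ImageMagick project), the following script parses the banner printed by `magick -version` and compares the installed release against the fixed versions named above, 7.1.2-15 on the 7.x branch and 6.9.13-40 on the 6.x branch, which is more precise than the `file` check listed earlier. The sample banners are constructed, and the `installed_version` helper and the binary name `magick` are assumptions.

```python
import re
import subprocess
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int, int]  # (major, minor, patch, release)

# Fixed releases named in the advisory text, keyed by branch.
FIXED: Dict[int, Version] = {7: (7, 1, 2, 15), 6: (6, 9, 13, 40)}

# ImageMagick prints e.g. "Version: ImageMagick 7.1.1-26 Q16-HDRI x86_64 ...".
VERSION_RE = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)(?:-(\d+))?")


def parse_version(banner: str) -> Optional[Version]:
    """Extract (major, minor, patch, release) from a -version banner.
    A missing '-N' release suffix is treated as release 0."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch, rel = m.groups()
    return (int(major), int(minor), int(patch), int(rel or 0))


def is_fixed(version: Version) -> bool:
    """True when the version is at or above the fixed release of its branch.
    Anything newer than 7.x is compared against the 7.x threshold; branches
    older than 6.x are treated as unfixed."""
    branch = 7 if version[0] >= 7 else version[0]
    fixed = FIXED.get(branch)
    return fixed is not None and version >= fixed  # tuple comparison is lexicographic


def installed_version(binary: str = "magick") -> Optional[Version]:
    """Assumed helper: run `<binary> -version` and parse it; None if not installed."""
    try:
        proc = subprocess.run([binary, "-version"], capture_output=True, text=True, timeout=10)
    except (OSError, subprocess.SubprocessError):
        return None
    return parse_version(proc.stdout)


# Constructed sample banners in ImageMagick's output format (not captured from a real host).
SAMPLE_BANNERS = {
    "vulnerable 7.x": "Version: ImageMagick 7.1.1-26 Q16-HDRI x86_64 21250 https://imagemagick.org",
    "fixed 7.x": "Version: ImageMagick 7.1.2-15 Q16-HDRI x86_64 22100 https://imagemagick.org",
    "fixed legacy 6.x": "Version: ImageMagick 6.9.13-40 Q16 x86_64 https://legacy.imagemagick.org",
}


def audit(banners: Dict[str, str]) -> Dict[str, bool]:
    """Map each host label to True (fixed) or False (upgrade needed / unparseable)."""
    return {label: bool((v := parse_version(b)) and is_fixed(v)) for label, b in banners.items()}


if __name__ == "__main__":
    for label, ok in audit(SAMPLE_BANNERS).items():
        print(f"{label}: {'fixed' if ok else 'UPGRADE'}")
    live = installed_version()
    print("installed:", live, "fixed" if live and is_fixed(live) else "UPGRADE or not found")
```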
CVE-2026-25797 is a medium-severity vulnerability in ImageMagick versions 7.0.0 through 7.1.1 that allows attackers to inject malicious PostScript code, potentially leading to remote code execution.
If you are using ImageMagick versions 7.0.0 through 7.1.1, you are potentially affected by this vulnerability. Check your version and upgrade accordingly.
Upgrade ImageMagick to version 7.1.2-15 or later to resolve this vulnerability. If immediate upgrade is not possible, implement temporary workarounds like file type validation and WAF rules.
While no public exploits are widely available, the vulnerability's potential for remote code execution suggests a moderate risk of exploitation. Monitor security advisories for updates.
Refer to the official ImageMagick security advisory for detailed information and updates: [https://imagemagick.org/script/security.php](https://imagemagick.org/script/security.php)