ImageMagick में पोस्टस्क्रिप्ट हेडर के माध्यम से कोड इंजेक्शन से भेद्यता (Code injection via PostScript header)

Successful exploitation of CVE-2026-25797 allows an attacker to execute arbitrary code on the system processing the malicious image file. This could involve gaining control of the server, stealing sensitive data, or installing malware. The attack vector involves crafting a specially designed image file that, when processed by ImageMagick, injects PostScript code into the file's header. This injected code is then executed by the PostScript interpreter (e.g., Ghostscript) when the file is viewed or printed. The blast radius extends to any system that processes images created with the vulnerable ImageMagick version, including print servers, web servers serving images, and individual workstations.

Systems running ImageMagick 7.0.0 through 7.1.1 are at risk, particularly those used in web applications, print servers, and automated image processing pipelines. Shared hosting environments where users can upload images are also at increased risk, as they may be vulnerable to malicious file uploads.

• linux / server:

find /usr/local/bin /opt/homebrew/bin -name 'magick' -print0 | xargs -0 file

• generic web:

curl -I https://example.com/image.ps | grep -i 'postscript'

1. 2026-02-24Disclosure

   disclosure

1. आरक्षित2026-02-05
2. प्रकाशित2026-02-24
3. संशोधित2026-02-26
4. EPSS अद्यतन2026-03-23

The primary mitigation for CVE-2026-25797 is to upgrade ImageMagick to version 7.1.2-15 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. These may include restricting file uploads to trusted sources, validating image file types rigorously, and using a Web Application Firewall (WAF) to filter potentially malicious PostScript code. Monitor ImageMagick logs for unusual activity or errors related to PostScript processing. After upgrading, confirm the fix by attempting to process a known malicious image file and verifying that the code injection is prevented.