CVE-2026-23952

6.5 MEDIUM

📋 TL;DR

ImageMagick versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL parser when processing <comment> tags before images are loaded. This can cause denial of service (DoS) through application crashes in both debug and release builds. Any system using vulnerable ImageMagick versions for image processing is affected.

💻 Affected Systems

Products:
  • ImageMagick
  • Magick.NET
  • Any software using ImageMagick library
Versions: 14.10.1 and below
Operating Systems: All platforms running ImageMagick
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when processing MSL scripts with <comment> tags before image loading. Requires MSL processing to be enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete service disruption through repeated DoS attacks causing application crashes, potentially affecting availability of image processing services.

🟠 Likely Case: Intermittent DoS through application crashes when processing malicious MSL scripts, requiring service restarts.

🟢 If Mitigated: Minimal impact with proper input validation and monitoring in place to detect and block malicious scripts.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires ability to submit MSL scripts to vulnerable ImageMagick instance. No authentication needed if MSL processing is exposed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 14.10.2

Vendor Advisory: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8

Restart Required: Yes

Instructions:

1. Download ImageMagick 14.10.2 from official sources.
2. Stop services using ImageMagick.
3. Install new version.
4. Restart services.
5. Verify version with 'convert --version'.

🔧 Temporary Workarounds

Disable MSL processing

all

Disable Magick Scripting Language processing to prevent exploitation

Edit policy.xml: <policy domain="coder" rights="none" pattern="MSL" />
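
An added example (not code from the advisory or the ImageMagick project) that checks whether a policy.xml actually applies this workaround, including the cases where the entry is commented out or overridden by a later entry. It assumes a later matching policy entry overrides an earlier one and handles only `*`, `?` and `{A,B}` patterns; the function names and sample policy files are constructed for illustration.

```python
import fnmatch
import re
import xml.etree.ElementTree as ET

# Constructed sample policy files (not taken from any real system).
COMMENTED_OUT = """<policymap>
  <!-- <policy domain="coder" rights="none" pattern="MSL" /> -->
  <policy domain="resource" name="memory" value="256MiB" />
</policymap>"""

MITIGATED = """<policymap>
  <policy domain="coder" rights="none" pattern="{MSL,MVG}" />
</policymap>"""

OVERRIDDEN = """<policymap>
  <policy domain="coder" rights="none" pattern="*" />
  <policy domain="coder" rights="read|write" pattern="{PNG,JPEG,MSL}" />
</policymap>"""


def expand_braces(pattern):
    """Expand {A,B} alternatives: '{MSL,MVG}' -> ['MSL', 'MVG']."""
    m = re.search(r"\{([^{}]*)\}", pattern)
    if not m:
        return [pattern]
    head, tail = pattern[:m.start()], pattern[m.end():]
    return [g for alt in m.group(1).split(",")
            for g in expand_braces(head + alt + tail)]


def msl_coder_blocked(policy_xml):
    """Return True if the last coder policy matching MSL has rights="none"."""
    root = ET.fromstring(policy_xml)  # commented-out entries are not parsed
    blocked = False
    for entry in root.iter("policy"):
        if entry.get("domain", "").lower() != "coder":
            continue
        globs = expand_braces(entry.get("pattern", ""))
        if any(fnmatch.fnmatchcase("MSL", g) for g in globs):
            # Assumption: a later matching entry overrides an earlier one.
            blocked = entry.get("rights", "").strip().lower() == "none"
    return blocked


if __name__ == "__main__":
    for name, xml in [("commented out", COMMENTED_OUT),
                      ("mitigated", MITIGATED), ("overridden", OVERRIDDEN)]:
        print(f"{name}: MSL blocked = {msl_coder_blocked(xml)}")
```
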

Input validation

all

Validate and sanitize MSL input before processing

🧯 If You Can't Patch

  • Implement strict input validation for MSL scripts
  • Deploy WAF rules to block malicious MSL content

🔍 How to Verify

Check if Vulnerable:

Check ImageMagick version with 'convert --version' or 'magick --version'. If version is 14.10.1 or below, system is vulnerable.

Check Version:

convert --version | head -1

Verify Fix Applied:

After patching, verify version is 14.10.2 or higher with 'convert --version'.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with NULL pointer dereference errors
  • MSL processing failures
  • ImageMagick process termination

Network Indicators:

  • Multiple MSL script submissions to image processing endpoints
  • Unusual patterns in image upload traffic

SIEM Query:

source="*imagemagick*" AND ("NULL pointer" OR "segmentation fault" OR "assertion failure")
