CVE-2026-24481
📋 TL;DR
ImageMagick versions before 7.1.2-15 (7.x branch) and 6.9.13-40 (6.x branch) have a heap information disclosure vulnerability in the PSD coder. When a specially crafted PSD file whose channel data is ZIP-compressed is decoded, uninitialized heap memory can be copied into the decoded pixels and from there into whatever output image ImageMagick writes. Any system that runs a vulnerable ImageMagick over user-supplied images is affected; ImageMagick selects the PSD coder from the file's 8BPS magic bytes rather than its extension, so an upload endpoint that never advertised PSD support is still exposed.
💻 Affected Systems
- ImageMagick
📦 What is this software?
ImageMagick by ImageMagick Studio LLC: an open-source image processing suite (the magick/convert command-line tools plus the MagickCore and MagickWand libraries) that web applications commonly use, directly or through bindings such as PHP Imagick, to convert, resize and thumbnail user-uploaded images.
⚠️ Risk & Real-World Impact
Worst Case
Heap contents left behind by earlier work in the same process (other users' image data, application secrets such as credentials or keys, pointers useful for defeating ASLR) are returned to the attacker inside the converted image. The bug itself does not give code execution; the worst case is leaked material being reused for account takeover, or combined with a separate memory-corruption bug to make that one exploitable.
Likely Case
Fragments of heap memory leak into each converted image. An attacker who can upload repeatedly can harvest many samples, but what they contain depends entirely on what the converting process handled before the malicious file, so a dedicated, short-lived conversion worker leaks little of value.
If Mitigated
No data leakage: patched releases no longer expose uninitialized heap memory through the PSD coder, and deployments that deny the PSD coder in policy.xml or reject PSD uploads never reach the affected code.
🎯 Exploit Status
Exploitation requires delivering a crafted PSD file to a vulnerable ImageMagick and retrieving the resulting output image, which is the normal flow on upload, thumbnail and avatar endpoints. No public exploit code is currently known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.1.2-15 and 6.9.13-40
Vendor Advisory: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-96pc-27rx-pr36
Restart Required: Yes for long-running processes that have the ImageMagick libraries loaded (PHP-FPM with Imagick, Ruby or Python application servers, daemons linking MagickCore); they keep using the old library until restarted. Command-line invocations of convert/magick pick up the new binary immediately.
Instructions:
1. Update ImageMagick to 7.1.2-15 or later (7.x) or 6.9.13-40 or later (6.x).
2. With a distribution package: 'sudo apt update && sudo apt upgrade imagemagick' (Debian/Ubuntu) or 'sudo dnf update ImageMagick' / 'sudo yum update ImageMagick' (RHEL/CentOS and derivatives). Distributions backport fixes without changing the upstream version string, so confirm the fix through the package changelog or the distribution's own advisory for CVE-2026-24481 rather than the version number alone.
3. From source: download the current release from imagemagick.org, rebuild and reinstall, then restart anything that links the rebuilt libraries.
🔧 Temporary Workarounds
Disable PSD format processing
Deny the PSD coder in ImageMagick's policy.xml so the vulnerable code is never reached, whatever extension the upload carries (ImageMagick recognises PSD by its 8BPS magic). PSB, the large-document variant, is registered under its own coder name and should be denied alongside it.
Edit /etc/ImageMagick-6/policy.xml or /etc/ImageMagick-7/policy.xml (run 'convert -list policy' or 'magick -list policy' to print the path actually in use and the policies currently loaded)
Add inside <policymap>: <policy domain="coder" rights="none" pattern="{PSD,PSB}" /> (the domain must be "coder"; a "delegate" policy governs external helper programs and does nothing for a built-in coder)
Restart services using ImageMagick so they re-read policy.xml, then confirm with 'convert -list policy' that the new entry appears
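Because the workaround turns entirely on getting the policy domain right, here is an added example (not code from this advisory or from ImageMagick) that audits a policy.xml the way ImageMagick evaluates it and appends the denial when it is missing. It assumes only the standard library and that the file contains a <policymap> element; the two sample policies are constructed for the example, and the first reproduces the mistaken delegate-domain entry so the audit shows why it is ineffective.

```python
import re
import xml.etree.ElementTree as ET
from fnmatch import fnmatchcase

# Pattern to deny: PSB shares the PSD coder but is registered under its own name.
BLOCK_PATTERN = "{PSD,PSB}"
BLOCK_LINE = f'  <policy domain="coder" rights="none" pattern="{BLOCK_PATTERN}"/>\n'


def expand_braces(pattern):
    """Expand {a,b} alternation the way ImageMagick's glob matcher does."""
    m = re.search(r"\{([^{}]*)\}", pattern)
    if not m:
        return [pattern]
    return [alt
            for part in m.group(1).split(",")
            for alt in expand_braces(pattern[:m.start()] + part + pattern[m.end():])]


def coder_read_blocked(policy_xml, coder):
    """True if any coder-domain policy matching `coder` withholds the read right.

    ImageMagick evaluates every matching policy and a single denial wins, so the
    scan does not stop at the first match. Only domain="coder" counts: a
    domain="delegate" entry with pattern="PSD" (the common mistake) does nothing.
    """
    root = ET.fromstring(policy_xml)
    for policy in root.iter("policy"):
        if policy.get("domain") != "coder":
            continue
        if not any(fnmatchcase(coder, alt) for alt in expand_braces(policy.get("pattern", ""))):
            continue
        rights = {r.strip().lower() for r in policy.get("rights", "").split("|")}
        if not rights & {"read", "all"}:
            return True
    return False


def psd_blocked(policy_xml):
    """Both coder names must be denied for the workaround to be complete."""
    return coder_read_blocked(policy_xml, "PSD") and coder_read_blocked(policy_xml, "PSB")


def harden_policy(policy_xml):
    """Return policy.xml text with the PSD/PSB denial added (idempotent).

    Inserted as text rather than re-serialised so comments and the DOCTYPE survive.
    """
    if psd_blocked(policy_xml):
        return policy_xml
    end = policy_xml.rindex("</policymap>")
    return policy_xml[:end] + BLOCK_LINE + policy_xml[end:]


# Constructed samples; the first reproduces the "delegate" domain mistake.
WRONG_DOMAIN = """<policymap>
  <!-- intended to block PSD but applies to the delegate domain, not the coder -->
  <policy domain="delegate" rights="none" pattern="PSD"/>
  <policy domain="resource" name="memory" value="256MiB"/>
</policymap>
"""

CORRECT = """<policymap>
  <policy domain="coder" rights="none" pattern="{PSD,PSB}"/>
</policymap>
"""

if __name__ == "__main__":
    print("wrong sample blocks PSD:", psd_blocked(WRONG_DOMAIN))    # False
    print("correct sample blocks PSD:", psd_blocked(CORRECT))       # True
    print(harden_policy(WRONG_DOMAIN))
```

Run it against the live file with harden_policy(open(path).read()) and write the result back, then restart the services and confirm with 'convert -list policy'. The brace expansion and deny-wins evaluation mirror ImageMagick's glob matching closely enough for auditing, but the authoritative check is always what '-list policy' reports on the host itself.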
Input validation for PSD files
Validate PSD uploads server-side before ImageMagick sees them, as defense in depth rather than a substitute for patching
Implement the check in application code, on the raw bytes rather than the declared content type or extension
Check the 26-byte header (8BPS signature, version 1 or 2, zeroed reserved bytes, channel count, dimensions, depth and colour mode within the format's limits) and reject anything malformed; while unpatched, also reject files whose layer or composite data uses ZIP compression (methods 2 and 3), since that is the code path this vulnerability lives in. Header checks alone cannot tell a malicious ZIP payload from a benign one.
Limit maximum file size and pixel dimensions for PSD uploads
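What such a pre-screen looks like, as an added example that is neither this advisory's nor ImageMagick's code: it parses the PSD header and section layout from Adobe's published specification, walks the layer records to find the compression method of every channel, and refuses files that use ZIP compression or exceed a pixel budget. The build_psd helper constructs tiny test files so the block runs offline; the 50-megapixel budget, the function names and the PsdRejected exception are choices made for this example.

```python
import struct
import zlib

PSD_SIGNATURE = b"8BPS"
RAW, RLE, ZIP, ZIP_PREDICTION = 0, 1, 2, 3
COMPRESSION = {RAW: "raw", RLE: "rle", ZIP: "zip", ZIP_PREDICTION: "zip-prediction"}
COLOR_MODES = {0, 1, 2, 3, 4, 7, 8, 9}  # bitmap, gray, indexed, RGB, CMYK, multichannel, duotone, Lab


class PsdRejected(ValueError):
    pass


def _read(data, fmt, off):
    """Unpack one big-endian field, refusing to read past the end of the buffer."""
    end = off + struct.calcsize(fmt)
    if end > len(data):
        raise PsdRejected(f"truncated at offset {off}")
    return struct.unpack_from(fmt, data, off)[0], end


def inspect_psd(data):
    """Validate the 26-byte header, walk the sections, list every compression method used."""
    if data[:4] != PSD_SIGNATURE:
        raise PsdRejected("missing 8BPS signature")
    version, _ = _read(data, ">H", 4)
    if version not in (1, 2) or data[6:12] != b"\0" * 6:
        raise PsdRejected("bad version or reserved bytes")
    channels, _ = _read(data, ">H", 12)
    height, _ = _read(data, ">I", 14)
    width, _ = _read(data, ">I", 18)
    depth, _ = _read(data, ">H", 22)
    mode, off = _read(data, ">H", 24)
    limit = 30000 if version == 1 else 300000          # PSD vs PSB maximum dimension
    if not (1 <= channels <= 56 and 1 <= height <= limit and 1 <= width <= limit
            and depth in (1, 8, 16, 32) and mode in COLOR_MODES):
        raise PsdRejected("header field out of range")
    lenfmt = ">I" if version == 1 else ">Q"            # PSB widens section lengths to 64 bits
    n, off = _read(data, ">I", off)                    # colour mode data
    n, off = _read(data, ">I", off + n)                # image resources
    lm_len, off = _read(data, lenfmt, off + n)         # layer and mask information
    compressions, layers = [], 0
    if lm_len:
        li_len, p = _read(data, lenfmt, off)
        if li_len:
            count, p = _read(data, ">h", p)
            layers = abs(count)                        # negative count flags a merged alpha channel
            channel_lengths = []
            for _ in range(layers):
                nch, p = _read(data, ">H", p + 16)     # skip top/left/bottom/right
                lengths = []
                for _ in range(nch):
                    clen, p = _read(data, lenfmt, p + 2)   # skip channel id
                    lengths.append(clen)
                channel_lengths.append(lengths)
                if data[p:p + 4] != b"8BIM":
                    raise PsdRejected("bad layer record signature")
                extra, p = _read(data, ">I", p + 12)   # 8BIM, blend key, opacity, clipping, flags, filler
                p += extra                             # mask, blending ranges, name, tagged blocks
            for lengths in channel_lengths:            # channel image data follows the records
                for clen in lengths:
                    comp, _ = _read(data, ">H", p)
                    compressions.append(comp)
                    p += clen                          # length includes the 2-byte compression word
    comp, _ = _read(data, ">H", off + lm_len)          # merged (composite) image data
    compressions.append(comp)
    return {"version": version, "width": width, "height": height, "layers": layers,
            "compressions": [COMPRESSION.get(c, f"unknown({c})") for c in compressions]}


def screen_upload(data, max_pixels=50_000_000):
    """Reject oversized or ZIP-compressed PSDs; return the parsed summary otherwise."""
    info = inspect_psd(data)
    if info["width"] * info["height"] > max_pixels:
        raise PsdRejected("pixel budget exceeded")
    if any(c.startswith("zip") for c in info["compressions"]):
        raise PsdRejected("ZIP-compressed channel data refused until ImageMagick is patched")
    return info


def build_psd(compression, layered=False, width=2, height=2):
    """Construct a tiny 8-bit RGB PSD for testing (made for this example, not a real Photoshop file)."""
    pixels = bytes(range(width * height))

    def blob(comp, payload):                           # one compression word plus channel bytes
        if comp not in (RAW, ZIP):
            raise ValueError("sample builder supports raw and zip only")
        if comp == RAW:
            return struct.pack(">H", RAW) + payload
        return struct.pack(">H", ZIP) + zlib.compress(payload)

    out = PSD_SIGNATURE + struct.pack(">H6sHIIHH", 1, b"\0" * 6, 3, height, width, 8, 3)
    out += struct.pack(">II", 0, 0)                    # empty colour mode data and image resources
    if not layered:
        return out + struct.pack(">I", 0) + blob(compression, pixels * 3)
    chans = [blob(compression, pixels) for _ in range(3)]
    record = struct.pack(">iiiiH", 0, 0, height, width, 3)
    for cid, c in enumerate(chans):
        record += struct.pack(">hI", cid, len(c))
    extra = b"\0" * 12                                 # empty mask, blending ranges and padded name
    record += b"8BIM" + b"norm" + bytes([255, 0, 0, 0]) + struct.pack(">I", len(extra)) + extra
    info = struct.pack(">h", 1) + record + b"".join(chans)
    info += b"\0" * (len(info) % 2)                    # layer info length must be even
    lm = struct.pack(">I", len(info)) + info + struct.pack(">I", 0)   # plus empty global mask info
    return out + struct.pack(">I", len(lm)) + lm + blob(RAW, pixels * 3)   # composite stays raw
```

This is defense in depth for the window before the upgrade lands: every read is bounds-checked, so a truncated file or a lying length field raises PsdRejected instead of an IndexError, but the parser does not decompress or validate the channel payloads themselves, and a patched ImageMagick remains the only real fix.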
🧯 If You Can't Patch
- Reject PSD and PSB uploads outright where the application does not need them; where it does, gate them on header validation and a pixel budget before they reach ImageMagick
- Isolate ImageMagick processing in sandboxed containers or short-lived worker processes with minimal privileges, no network egress and no access to application secrets, so that whatever heap memory leaks contains nothing worth stealing
🔍 How to Verify
Check if Vulnerable:
Check the ImageMagick version with 'convert --version' or 'magick --version' and compare against the first fixed release for the branch in use (7.1.2-15 for 7.x, 6.9.13-40 for 6.x). Compare the components numerically: 7.1.2-9 is older than 7.1.2-15 although it sorts after it as a string.
Check Version:
convert --version | head -1
Verify Fix Applied:
Verify the version is 7.1.2-15 or higher (7.x) or 6.9.13-40 or higher (6.x). Two caveats: distribution packages backport fixes without bumping the upstream version, so on Debian/Ubuntu or RHEL check 'apt changelog imagemagick' or 'rpm -q --changelog ImageMagick' for CVE-2026-24481; and applications that embed the library report their own loaded version (for PHP, Imagick::getVersion()), which can differ from the command-line tool's.
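To make the comparison mechanical across a fleet, here is an added example (not from this advisory or from ImageMagick) that parses the version banner and applies the per-branch threshold numerically. The sample banners are constructed in the shape 'convert --version | head -1' prints; the FIXED table holds the two releases named in this advisory.

```python
import re

# First fixed release on each supported branch, from the advisory.
FIXED = {7: (7, 1, 2, 15), 6: (6, 9, 13, 40)}

# Matches the banner printed by `convert --version` / `magick --version`.
VERSION_RE = re.compile(r"ImageMagick (\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(banner):
    """Return (major, minor, patch, build) from a version banner, or raise if absent."""
    m = VERSION_RE.search(banner)
    if not m:
        raise ValueError(f"no ImageMagick version found in {banner!r}")
    return tuple(int(g) for g in m.groups())


def is_vulnerable(banner):
    """True if the upstream version predates the fix for its branch.

    Tuples compare numerically, so 7.1.2-9 is correctly older than 7.1.2-15
    even though '7.1.2-9' > '7.1.2-15' as strings. A distribution build that
    backported the fix still reports the old upstream version and will show as
    vulnerable here; confirm those through the package changelog instead.
    """
    version = parse_version(banner)
    fixed = FIXED.get(version[0])
    if fixed is None:
        raise ValueError(f"no fix threshold known for ImageMagick {version[0]}.x")
    return version < fixed


# Constructed banners in the shape `convert --version | head -1` produces.
SAMPLE_BANNERS = [
    "Version: ImageMagick 7.1.2-14 Q16-HDRI x86_64 https://imagemagick.org",
    "Version: ImageMagick 7.1.2-15 Q16-HDRI x86_64 https://imagemagick.org",
    "Version: ImageMagick 6.9.13-9 Q16 x86_64 https://legacy.imagemagick.org",
    "Version: ImageMagick 6.9.13-40 Q16 x86_64 https://legacy.imagemagick.org",
]

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        status = "VULNERABLE" if is_vulnerable(banner) else "fixed"
        print(f"{status:11} {banner}")
```

Feed it the first line of 'convert --version' collected from each host. It flags builds that predate the fix on the 7.x and 6.x branches; a distribution package that backported the patch will still show as vulnerable, which is the cue to check the package changelog rather than to stop.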
📡 Detection & Monitoring
Log Indicators:
- Crashes or error exits from convert/magick while processing PSD input: the leak itself is silent, so these indicate probing with malformed files rather than a successful exploit, and their absence proves nothing
- A large number of PSD file processing attempts, especially repeated uploads from one client of small files that yield output images with unexpected raw content
- Memory allocation errors reported by ImageMagick; ImageMagick writes no log of its own by default, so these only appear where the calling application captures its stderr or exceptions
Network Indicators:
- The leaked data leaves in the converted image returned to the uploader, not in separate outbound connections, so watch for clients that upload PSDs and promptly download the results in volume
- Patterns of PSD file uploads (identified by the 8BPS magic bytes, not only by extension) to image processing endpoints
SIEM Query:
source="*imagemagick*" AND (error OR crash OR "memory") AND psd