CVE-2026-28691
📋 TL;DR
An uninitialized pointer dereference in ImageMagick's JBIG decoder lets an attacker who can get a crafted JBIG image processed crash the application (denial of service) or potentially execute arbitrary code. Any system that runs a vulnerable ImageMagick build and decodes untrusted JBIG files is affected. The flaw is present in ImageMagick versions prior to 7.1.2-16 (7.x line) and 6.9.13-41 (6.x line).
💻 Affected Systems
- ImageMagick
⚠️ Manual Verification Required
Automated vulnerability detection cannot determine whether your system is affected, so compare the installed ImageMagick version against the first fixed releases named in the vendor advisory (7.1.2-16 and 6.9.13-41) yourself.
Why? This CVE entry carries no machine-readable version range (none is provided in the vendor/NVD data), even though the advisory names the fixed releases.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete compromise of the host or container if the attacker can influence the stale stack or heap contents that the uninitialized pointer reads, so that the dereference lands on attacker-chosen memory.
Likely Case
Application crash or denial of service when processing malicious JBIG images, potentially disrupting image processing services.
If Mitigated
Limited impact with proper input validation and sandboxing, potentially only causing application crashes.
🎯 Exploit Status
Exploitation requires crafting malicious JBIG images. No public exploit code is currently available, but the vulnerability is relatively straightforward to trigger.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.1.2-16 (ImageMagick 7) and 6.9.13-41 (ImageMagick 6)
Vendor Advisory: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wj8w-pjxf-9g4f
Restart Required: Yes
Instructions:
1. Update ImageMagick to version 7.1.2-16 or later (7.x line) or 6.9.13-41 or later (6.x line) using your package manager. Distribution packages may ship the fix as a backport under an older version number; check your distribution's advisory for this CVE in that case.
2. For Linux: 'sudo apt update && sudo apt upgrade imagemagick' or 'sudo yum update imagemagick'.
3. For source installations: download the fixed release from the official repository and rebuild.
4. Restart any services that use ImageMagick (web workers, thumbnailers, conversion daemons), since they keep the old library mapped until restarted.
🔧 Temporary Workarounds
Disable JBIG decoder
Platform: Linux. Remove or disable JBIG format support in the ImageMagick security policy.
Edit /etc/ImageMagick-6/policy.xml or /etc/ImageMagick-7/policy.xml and add, inside <policymap>: <policy domain="coder" rights="none" pattern="JBIG" />
The pattern "{JBIG,JBG,BIE}" also covers the JBG and BIE format names that ImageMagick registers for the same coder. Confirm the policy is loaded with 'magick -list policy' (ImageMagick 7) or 'convert -list policy' (ImageMagick 6).
Input validation
Platform: all. Reject or sanitize JBIG files before handing them to ImageMagick.
🧯 If You Can't Patch
- Implement strict input validation to reject JBIG files from untrusted sources
- Run ImageMagick in a sandboxed environment with limited privileges
🔍 How to Verify
Check if Vulnerable:
Run 'magick -version' (ImageMagick 7) or 'convert -version' (ImageMagick 6) and compare the reported version with the first fixed release for that major line: 7.1.2-16 or 6.9.13-41. Distribution packages may carry a backported fix under an older version number; check your distribution's advisory for this CVE before treating such a build as vulnerable.
Check Version:
(magick -version || convert -version) 2>/dev/null | head -1
Verify Fix Applied:
Verify that the reported version is 7.1.2-16 or later on the 7.x line, or 6.9.13-41 or later on the 6.x line. Then test with a known-good JBIG image: it should decode normally if you kept the coder enabled, or be rejected by policy if you applied the workaround.
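As an added example (not from the original page or the ImageMagick project), a POSIX shell version check that parses the first line of 'magick -version' / 'convert -version' and compares it numerically against the fixed release for the matching major line. A plain string comparison would get "7.1.2-9" vs "7.1.2-16" wrong, which is why each dotted and dashed component is compared as a number. The function names are illustrative, and the fixed versions are taken from the advisory above.

```sh
#!/bin/sh
# Added example: compare an installed ImageMagick version with the fixed
# releases named in the advisory for this CVE.
IM7_FIXED="7.1.2-16"
IM6_FIXED="6.9.13-41"

# Return 0 if version $1 >= version $2, comparing each of the four
# components (major.minor.patch-release) as a number.
im_version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, /[.-]/); m = split(b, y, /[.-]/)
    for (i = 1; i <= 4; i++) {
      ai = (i <= n) ? x[i] + 0 : 0
      bi = (i <= m) ? y[i] + 0 : 0
      if (ai > bi) exit 0
      if (ai < bi) exit 1
    }
    exit 0
  }'
}

# Extract "7.1.2-16" from a banner such as
# "Version: ImageMagick 7.1.2-16 Q16-HDRI x86_64 ...". Prints nothing if
# the line does not look like an ImageMagick version banner.
im_parse_version() {
  printf '%s\n' "$1" | sed -n 's/^Version: ImageMagick \([0-9][0-9.]*-[0-9][0-9]*\).*/\1/p'
}

# Return 0 if the banner in $1 is at or above the fixed release for its
# major line, 1 if it is older (vulnerable), 2 if it cannot be parsed.
im_is_fixed() {
  ver=$(im_parse_version "$1")
  [ -n "$ver" ] || return 2
  case "$ver" in
    7.*) im_version_ge "$ver" "$IM7_FIXED" ;;
    6.*) im_version_ge "$ver" "$IM6_FIXED" ;;
    *)   return 2 ;;
  esac
}

# Live check: prefer the v7 "magick" binary, fall back to the v6 "convert".
im_check_installed() {
  banner=$( (magick -version || convert -version) 2>/dev/null | head -1 )
  if im_is_fixed "$banner"; then
    echo "fixed: $banner"
  else
    echo "VULNERABLE or unrecognized: ${banner:-no ImageMagick binary found}"
  fi
}
```

Treat a "vulnerable" result from this check as a prompt to look at the package changelog, not as proof: distributions that backport the fix keep the upstream version number, so only the vendor or distribution advisory settles the question for such builds.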
📡 Detection & Monitoring
Log Indicators:
- Crashes or segmentation faults of ImageMagick processes (convert, magick, identify, or the library loaded into a web worker) while processing JBIG input
- Error messages from the JBIG decoder; after the policy workaround is applied, "not allowed by the security policy" errors for JBIG files indicate blocked input rather than a successful decode
Network Indicators:
- Unusual uploads of JBIG format files to web applications that accept images
- Spikes in image processing requests
SIEM Query:
Illustrative search (Splunk-style syntax; adapt the source and field names to your log pipeline):
source="*imagemagick*" AND (error OR crash OR segfault) AND JBIG