CVE-2026-24481

ImageMagick has Possible Heap Information Disclosure in PSD ZIP Decompression

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap information disclosure vulnerability exists in ImageMagick's PSD (Adobe Photoshop) format handler. When processing a maliciously crafted PSD file containing ZIP-compressed layer data that decompresses to less than the expected size, uninitialized heap memory is leaked into the output image. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

INFO

Published Date :

2026-02-24T00:29:20.406Z

Last Modified :

2026-02-26T14:40:07.564Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2026-24481 vulnerability.

Vendors	Products
Imagemagick	Imagemagick

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-24481.

URL	Resource
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-96pc-27rx-pr36

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact