CVE-2026-61465:
ImageMagick Análisis y mitigación de vulnerabilidades
Vista general
CVE-2026-61465 is a denial-of-service vulnerability in ImageMagick caused by a missing memory allocation limit check in matrix-backed image processing operations such as -canny. Affected versions include ImageMagick before 7.1.2-26 (7.x branch) and before 6.9.13-51 (6.9.x branch). The vulnerability was published on July 11, 2026, with the original security advisory (GHSA-rvhp-75f6-9jqh) credited to reporter rexpository and published by maintainer dlemstra on June 26, 2026. It carries a CVSS v3.1 base score of 3.3 (Low) and a CVSS v4.0 base score of 4.8 (Medium) (GitHub Advisory, ImageMagick Advisory, Red Hat Bugzilla).
Técnicas
The root cause is classified as CWE-770 (Allocation of Resources Without Limits or Throttling), with additional weaknesses noted as CWE-284 (Improper Access Control) and CWE-400 (Uncontrolled Resource Consumption). Matrix-backed operations in ImageMagick — such as the -canny edge detection filter — fail to enforce the memory allocation limits defined in the application's security policy, allowing unbounded memory allocation during image processing. An attacker exploits this by supplying a specially crafted image file that, when processed by a vulnerable ImageMagick instance, triggers excessive memory allocation beyond the configured policy ceiling. Exploitation requires local access and user interaction (i.e., a user or automated process must open or process the malicious image) (ImageMagick Advisory, GitHub Advisory).
Impacto
Successful exploitation results in a denial-of-service condition, causing ImageMagick to exhaust available system memory and become unresponsive or crash. There is no impact on confidentiality or data integrity — the vulnerability is limited to availability. Systems that use ImageMagick for automated image processing pipelines (e.g., web applications, media servers) are at elevated risk if they process untrusted user-supplied images (ImageMagick Advisory, Red Hat Bugzilla).
Pasos de explotación
- Craft a malicious image: Create or obtain a specially crafted image file (e.g., a TIFF or PNG) designed to trigger excessive memory allocation when processed by ImageMagick's matrix-backed operations such as
-canny. - Deliver the image: Place the crafted image in a location where a vulnerable ImageMagick instance will process it — for example, uploading it to a web application that uses ImageMagick for image transformation, or placing it in a directory monitored by an automated processing script.
- Trigger processing: Cause ImageMagick to process the image using a matrix-backed operation (e.g.,
convert malicious.png -canny 0x1+10%+30% output.png), which bypasses the configured memory allocation policy. - Achieve denial of service: ImageMagick allocates memory beyond the policy limit, exhausting system memory and causing the process (and potentially the host application) to crash or become unresponsive (ImageMagick Advisory, GitHub Advisory).
Indicadores de compromiso
- Process Behavior: ImageMagick processes (
convert,magick) consuming abnormally high memory when processing specific image files, particularly those invoking-cannyor other matrix-backed operations. - Logs: System logs (e.g.,
/var/log/syslog,dmesg) showing OOM (Out of Memory) killer events triggered by ImageMagick processes; application logs showing ImageMagick crashes or unexpected terminations. - File System: Presence of unexpected or unusually large image files in upload directories or processing queues that consistently cause ImageMagick to crash.
- Network: For web-facing applications, repeated upload requests of the same or similar image files from a single source IP, particularly targeting image processing endpoints.
Mitigación y soluciones alternativas
Upgrade ImageMagick to version 7.1.2-26 or later (7.x branch) or 6.9.13-51 or later (6.9.x branch) to remediate the vulnerability. As interim mitigations, enforce OS-level memory limits on ImageMagick processes using tools such as ulimit or cgroups to constrain maximum memory usage. Restrict access to ImageMagick processing capabilities to trusted users or processes where possible, and avoid processing untrusted user-supplied images with matrix-backed operations until patched (ImageMagick Advisory, Red Hat Bugzilla).
Reacciones de la comunidad
The vulnerability received routine coverage across vulnerability tracking platforms including VulnDB, VulnCheck, INCIBE-CERT, and OSV shortly after disclosure. Red Hat opened a tracking bug (BZ#2499374) and classified it as medium severity. No notable researcher commentary or significant community discussion has been observed beyond standard vulnerability database entries (Red Hat Bugzilla).
Recursos adicionales
Fuente: Este informe se generó utilizando IA
Relacionado ImageMagick Vulnerabilidades:
Evaluación gratuita de vulnerabilidades
Compare su postura de seguridad en la nube
Evalúe sus prácticas de seguridad en la nube en 9 dominios de seguridad para comparar su nivel de riesgo e identificar brechas en sus defensas.
Recursos adicionales de Wiz
Obtén una demostración personalizada
¿Listo para ver a Wiz en acción?
"La mejor experiencia de usuario que he visto en mi vida, proporciona una visibilidad completa de las cargas de trabajo en la nube."
"Wiz proporciona un panel único para ver lo que ocurre en nuestros entornos en la nube."
"Sabemos que si Wiz identifica algo como crítico, en realidad lo es."