Listen to this Post
ImageMagick fails to check for circular references between two Magick Scripting Language (MSL) files . When a specially crafted MSL script is processed, specifically one that causes a file to reference itself or another file that references it back, the `ProcessMSLScript` function enters an infinite recursion loop . This causes the call stack to grow uncontrollably because the function continuously calls itself without an exit condition. The stack memory eventually overflows, leading to a crash (segmentation fault) and resulting in a Denial of Service (DoS) . The vulnerability lies in the XML parsing chain where `ProcessMSLScript` calls xmlParseChunk, which ultimately calls back into MSLStartElement, restarting the cycle [citation:].
dailycve form:
Platform: ImageMagick
Version: <7.1.2-15, <6.9.13-40
Vulnerability : Stack overflow via recursion
Severity: Critical (9.8 CVSS)
date: Feb 23, 2026
Prediction: Patched already
What Undercode Say:
Analytics:
- CWE-674: Uncontrolled Recursion
- Attack Vector: Network (Remote)
- User Interaction: None required
- Scope: Unchanged
- Technical Impact: Denial of Service / Application Crash
- Vulnerable Function: `ProcessMSLScript`
Bash Commands & Detection:
Check installed ImageMagick version identify -version | grep Version Check for vulnerable MSL handling (policy) grep -r "msl" /etc/ImageMagick-/policy.xml Debian/Ubuntu update command sudo apt update && sudo apt install imagemagick RHEL/CentOS/Fedora update sudo dnf upgrade ImageMagick Verify patch application (Version should be >= 7.1.2-15 or 6.9.13-40) convert --version | grep -E "7.1.2-1[5-9]|6.9.13-(4[0-9]|5[0-9])"
Exploit:
- Malicious MSL file referencing itself.
<?xml version="1.0" encoding="UTF-8"?> <image> <read filename="circular.msl" /> <write filename="output.png" /> </image>
(Where `circular.msl` reads itself recursively).
Protection from this CVE:
- Upgrade to version 7.1.2-15 or 6.9.13-40 immediately .
- Disable MSL coders in policy.xml if not needed:
<policy domain="coder" rights="none" pattern="MSL" />
- Validate and sanitize all user-uploaded image files before processing.
Impact:
- Complete denial of service for image processing services.
- If combined with other memory corruption bugs, potential for arbitrary code execution (RCE) in worst-case scenarios .
- Affects popular Linux distributions including Debian, Red Hat, and openEuler .
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

