CVE-2026-23952
MEDIUM
Magick.NET < 14.10.2 - Denial of Service via MSL Comment Tag Parsing
Title source: llm
Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing <comment> tags before images are loaded. This can lead to a DoS attack due to an assertion failure (debug builds) or a NULL pointer dereference (release builds). This issue is fixed in version 14.10.2.
References (2)
Core References
Vendor Advisory x_refsource_confirm
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8
Release Notes x_refsource_misc
https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2
Scores
CVSS v3
6.5
EPSS
0.0043
EPSS Percentile
34.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-476
Status
published
Products (21)
dlemstra/magick.net
< 14.10.2
imagemagick/imagemagick
< 6.9.13-38
nuget/Magick.NET-Q16-AnyCPU
0 - 14.10.2 (NuGet)
nuget/Magick.NET-Q16-arm64
0 - 14.10.2 (NuGet)
nuget/Magick.NET-Q16-HDRI-AnyCPU
0 - 14.10.2 (NuGet)
nuget/Magick.NET-Q16-HDRI-arm64
0 - 14.10.2 (NuGet)
nuget/Magick.NET-Q16-HDRI-OpenMP-arm64
0 - 14.10.2 (NuGet)
nuget/Magick.NET-Q16-HDRI-OpenMP-x64
0 - 14.10.2 (NuGet)
nuget/Magick.NET-Q16-HDRI-x64
0 - 14.10.2 (NuGet)
nuget/Magick.NET-Q16-HDRI-x86
0 - 14.10.2 (NuGet)
... and 11 more
Published
Jan 22, 2026
Tracked Since
Feb 18, 2026