Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.
6.2

ImageMagick: Stack Overflow When Processing MSL Scripts

CVE-2026-25971 GHSA-8mpr-6xr2-chhc
Summary

ImageMagick's handling of MSL scripts can cause the program to crash due to excessive memory usage. This issue affects users who process MSL files with ImageMagick. To stay safe, update to the latest version of ImageMagick.

What to do
  • Update magick.net-q16-anycpu to version 14.10.3.
  • Update magick.net-q16-hdri-anycpu to version 14.10.3.
  • Update magick.net-q16-hdri-openmp-arm64 to version 14.10.3.
  • Update magick.net-q16-hdri-arm64 to version 14.10.3.
  • Update magick.net-q16-hdri-x64 to version 14.10.3.
  • Update magick.net-q16-hdri-x86 to version 14.10.3.
  • Update magick.net-q16-openmp-arm64 to version 14.10.3.
  • Update magick.net-q16-openmp-x64 to version 14.10.3.
  • Update magick.net-q16-openmp-x86 to version 14.10.3.
  • Update magick.net-q16-arm64 to version 14.10.3.
  • Update magick.net-q16-x64 to version 14.10.3.
  • Update magick.net-q16-x86 to version 14.10.3.
  • Update magick.net-q16-hdri-openmp-x64 to version 14.10.3.
  • Update magick.net-q8-anycpu to version 14.10.3.
  • Update magick.net-q8-openmp-arm64 to version 14.10.3.
  • Update magick.net-q8-openmp-x64 to version 14.10.3.
  • Update magick.net-q8-arm64 to version 14.10.3.
  • Update magick.net-q8-x64 to version 14.10.3.
  • Update magick.net-q8-x86 to version 14.10.3.
Affected software
VendorProductAffected versionsFix available
imagemagick imagemagick <= 6.9.13-40
imagemagick imagemagick > 7.0.0-0 , <= 7.1.2-15
magick.net-q16-anycpu <= 14.10.3 14.10.3
magick.net-q16-hdri-anycpu <= 14.10.3 14.10.3
magick.net-q16-hdri-openmp-arm64 <= 14.10.3 14.10.3
magick.net-q16-hdri-arm64 <= 14.10.3 14.10.3
magick.net-q16-hdri-x64 <= 14.10.3 14.10.3
magick.net-q16-hdri-x86 <= 14.10.3 14.10.3
magick.net-q16-openmp-arm64 <= 14.10.3 14.10.3
magick.net-q16-openmp-x64 <= 14.10.3 14.10.3
magick.net-q16-openmp-x86 <= 14.10.3 14.10.3
magick.net-q16-arm64 <= 14.10.3 14.10.3
magick.net-q16-x64 <= 14.10.3 14.10.3
magick.net-q16-x86 <= 14.10.3 14.10.3
magick.net-q16-hdri-openmp-x64 <= 14.10.3 14.10.3
magick.net-q8-anycpu <= 14.10.3 14.10.3
magick.net-q8-openmp-arm64 <= 14.10.3 14.10.3
magick.net-q8-openmp-x64 <= 14.10.3 14.10.3
magick.net-q8-arm64 <= 14.10.3 14.10.3
magick.net-q8-x64 <= 14.10.3 14.10.3
magick.net-q8-x86 <= 14.10.3 14.10.3
Original title
ImageMagick: MSL - Stack overflow in ProcessMSLScript
Original description
### Summary
Magick fails to check for circular references between two MSLs, leading to a stack overflow.

### Details
After reading a.msl using magick, the following is displayed:

`MSLStartElement` -> `ReadImage` -> `ReadMSLImage` -> `ProcessMSLScript` -> `xmlParseChunk` -> `xmlParseTryOrFinish` -> `MSLStartElement`

```bash
AddressSanitizer:DEADLYSIGNAL
=================================================================
==114345==ERROR: AddressSanitizer: UNKNOWN SIGNAL on unknown address 0x000000000000 (pc 0x72509fc7d804 bp 0x7ffd6598b390 sp 0x7ffd6598ab20 T0)
#0 0x72509fc7d804 in strlen ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:388
[...]
```
nvd CVSS3.1 9.8
Vulnerability type
CWE-674
CWE-787 Out-of-bounds Write
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026