CVE Catalog

CVE-2026-55595

MediumCVSS 4.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.09%

1th percentile — higher than 1% of all known CVEs

Summary

In ImageMagick prior to versions 6.9.13-51 and 7.1.2-26, providing invalid arguments to the connected-components option causes an infinite loop. This issue has been fixed in the mentioned versions.

Risk Assessment

The infinite loop can lead to denial of service (DoS) by exhausting system resources, disrupting applications using ImageMagick.

Recommendation

Immediately update ImageMagick to version 6.9.13-51 or 7.1.2-26 or later.

Original NVD description (English source)

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when providing invalid arguments to the connected-components option an infinite loop will occur. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS