Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-23952

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 2 months, 3 weeks ago

ImageMagick has a NULL pointer dereference in MSL parser via <comment> tag before image load

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing <comment> tags before images are loaded. This can lead to DoS attack due to assertion failure (debug builds) or NULL pointer dereference (release builds). This issue is fixed in version 14.10.2.

References

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8 x_refsource_CONFIRM
https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2 x_refsource_MISC

Affected products

ImageMagick

==< 14.10.2

Matching in nixpkgs

pkgs.imagemagick

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-0
- nixpkgs-unstable 7.1.2-0
- nixos-unstable-small 7.1.2-0
nixos-25.11 7.1.2-9
- nixpkgs-25.11-darwin 7.1.2-9

pkgs.imagemagick6

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 6.9.13-10
- nixpkgs-unstable 6.9.13-10
- nixos-unstable-small 6.9.13-10
nixos-25.11 6.9.13-10
- nixpkgs-25.11-darwin 6.9.13-10

pkgs.imagemagickBig

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-0
- nixpkgs-unstable 7.1.2-0
- nixos-unstable-small 7.1.2-0
nixos-25.11 7.1.2-9
- nixpkgs-25.11-darwin 7.1.2-9

pkgs.imagemagick6Big

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 6.9.13-10
- nixpkgs-unstable 6.9.13-10
- nixos-unstable-small 6.9.13-10
nixos-25.11 6.9.13-10
- nixpkgs-25.11-darwin 6.9.13-10

pkgs.imagemagick_light

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 7.1.2-0
- nixpkgs-unstable 7.1.2-0
- nixos-unstable-small 7.1.2-0
nixos-25.11 7.1.2-9
- nixpkgs-25.11-darwin 7.1.2-9

pkgs.imagemagick6_light

Software suite to create, edit, compose, or convert bitmap images

nixos-unstable 6.9.13-10
- nixpkgs-unstable 6.9.13-10
- nixos-unstable-small 6.9.13-10
nixos-25.11 6.9.13-10
- nixpkgs-25.11-darwin 6.9.13-10

pkgs.graphicsmagick-imagemagick-compat

Repack of GraphicsMagick that provides compatibility with ImageMagick interfaces

nixos-unstable 1.3.45
- nixpkgs-unstable 1.3.45
- nixos-unstable-small 1.3.45
nixos-25.11 1.3.45
- nixpkgs-25.11-darwin 1.3.45

pkgs.tests.pkg-config.defaultPkgConfigPackages.MagickWand

Test whether imagemagick-7.1.2-0 exposes pkg-config modules MagickWand

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixpkgs-25.11-darwin

pkgs.tests.pkg-config.defaultPkgConfigPackages.ImageMagick

Test whether imagemagick-7.1.2-0 exposes pkg-config modules ImageMagick

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixpkgs-25.11-darwin

Package maintainers

@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@rhendric Ryan Hendrickson
@faukah faukah