{
  "threat_severity" : "Important",
  "public_date" : "2026-06-10T21:25:20Z",
  "bugzilla" : {
    "description" : "ImageMagick: ImageMagick: Denial of Service due to resource policy bypass in PSD decoder",
    "id" : "2487734",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2487734"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-770",
  "details" : [ "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, due to a missing check in the PSD decoder it would be possible to bypass the list-length resource policy when decoding a PSD image. Other security limits would still apply. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.", "A flaw was found in ImageMagick. A missing check in the PSD (Photoshop Document) decoder allows an attacker to bypass the list-length resource policy when processing a specially crafted PSD image. This could lead to a denial of service (DoS) condition by consuming excessive resources." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
    "release_date" : "2026-06-29T00:00:00Z",
    "advisory" : "RHSA-2026:32961",
    "cpe" : "cpe:/o:redhat:rhel_els:7",
    "package" : "ImageMagick-0:6.9.10.68-17.el7_9"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "ImageMagick",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-45031\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-45031\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cwpj-h54c-xjpx" ],
  "name" : "CVE-2026-45031",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}