ImageMagick: Policy Bypass in MNG coder could
Description
Because of a missing check in the MNG coder, it would be possible to read more images than the list limit policy would allow, resulting in excessive resource use.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A missing check in ImageMagick's MNG coder allows bypassing the list limit policy, leading to excessive resource consumption and denial of service.
Vulnerability
A missing check in the MNG coder of ImageMagick allows an attacker to read more images than the list limit policy would permit, resulting in excessive resource use. This affects ImageMagick and its .NET wrapper Magick.NET prior to the fix released in Magick.NET version 14.13.1 [2][3]. The vulnerability is present in the MNG decoding path and can be triggered by processing a specially crafted MNG file.
Exploitation
An attacker can exploit this vulnerability by providing a malicious MNG file to an application that uses ImageMagick to process images. No authentication or special privileges are required; the attack can be performed remotely if the application accepts user-supplied images. The missing check allows the decoder to iterate beyond the configured list limit, causing excessive memory and CPU consumption.
Impact
Successful exploitation leads to a denial of service (DoS) condition due to excessive resource consumption. The impact is primarily on availability; there is no indication of confidentiality or integrity compromise. The excessive resource use can cause the application or system to become unresponsive.
Mitigation
Update to Magick.NET version 14.13.1 or later, which contains the fix [2][3]. For standalone ImageMagick installations, apply the corresponding patch from the advisory. If an immediate update is not possible, consider restricting MNG file processing or implementing resource limits via the ImageMagick policy configuration (policy.xml).
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
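An audit of the policy.xml workaround named under Mitigation, as an added example that is not code from the advisory or from ImageMagick. It reports whether a policy file still lets the MNG coder be read and which resource limits it sets; since the flaw is a bypass of the list limit inside this coder, the coder rule is the check that does not rely on that limit. The two sample policies are constructed, and the "last matching entry wins" rule is an assumption based on the deny-all-then-allow pattern in ImageMagick's policy documentation.

```python
import re
import xml.etree.ElementTree as ET
from fnmatch import fnmatchcase

# Constructed sample policies (not taken from the advisory).
PERMISSIVE = """<policymap>
  <policy domain="resource" name="list-length" value="32"/>
</policymap>"""
HARDENED = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="resource" name="time" value="60"/>
  <policy domain="resource" name="list-length" value="32"/>
  <policy domain="coder" rights="none" pattern="{MNG,JNG}"/>
</policymap>"""

def expand_braces(pattern):
    """Expand {A,B} groups, the glob form used in policy.xml patterns."""
    m = re.search(r"\{([^{}]*)\}", pattern)
    if not m:
        return [pattern]
    head, tail = pattern[:m.start()], pattern[m.end():]
    out = []
    for alt in m.group(1).split(","):
        out.extend(expand_braces(head + alt.strip() + tail))
    return out

def coder_read_allowed(policy_xml, coder="MNG"):
    """Return True if the policy still permits reading `coder`."""
    allowed = True  # no matching coder entry means the coder is permitted
    for p in ET.fromstring(policy_xml).iter("policy"):
        if p.get("domain") != "coder":
            continue
        globs = expand_braces(p.get("pattern", ""))
        if any(fnmatchcase(coder, g) for g in globs):
            rights = {r.strip().lower() for r in p.get("rights", "").split("|")}
            allowed = bool(rights & {"read", "all"})  # assumption: last match wins
    return allowed

def resource_limits(policy_xml, names=("list-length", "memory", "time")):
    """Collect the resource limits of interest that the policy sets."""
    return {p.get("name"): p.get("value")
            for p in ET.fromstring(policy_xml).iter("policy")
            if p.get("domain") == "resource" and p.get("name") in names}

if __name__ == "__main__":
    for label, xml in (("permissive", PERMISSIVE), ("hardened", HARDENED)):
        print(label, "MNG readable:", coder_read_allowed(xml), resource_limits(xml))
```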
Affected products
- Range: < 14.13.1
Patches
No patches discovered yet.