CVE-2026-56364
1.8
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Summary
ImageMagick before 7.1.2-13 contains a memory leak vulnerability in LoadOpenCLDeviceBenchmark() function when parsing malformed OpenCL device profile XML files with unclosed device elements. Attackers with write access to the OpenCL cache directory can place malicious XML files to exhaust memory and cause denial of service.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ImageMagick | ImageMagick | 0 < 7.1.2-13 | affected |
| ImageMagick | ImageMagick | 7.1.2-13 | unaffected |
Weaknesses
- CWE-401: Missing Release of Memory after Effective Lifetime
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
Additional References
References
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp59-x883-77qv
- https://github.com/ImageMagick/ImageMagick/commit/a52c1b402be08ef8ae193f28ac5b2e120f2fa26f
- https://www.vulncheck.com/advisories/imagemagick-memory-leak-in-loadopencldevicebenchmark-via-malformed-xml
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.