CVE-2026-56365

Summary

ImageMagick before 7.1.2-19 contains a memory leak vulnerability in the PNG encoder when writing MNG images. Attackers can trigger the encoder failure condition to exhaust memory resources and cause denial of service.

Affected Software

VendorProductVersion RangeStatus
ImageMagickImageMagick0 < 7.1.2-19affected
ImageMagickImageMagick7.1.2-19unaffected
ImageMagickImageMagick0 < 6.9.13-44affected
ImageMagickImageMagick6.9.13-44unaffected

Weaknesses

  • CWE-401: Missing Release of Memory after Effective Lifetime

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References