CVE-2026-56366

Summary

ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion.

Affected Software

VendorProductVersion RangeStatus
ImageMagickImageMagick0 < 7.1.2-18affected
ImageMagickImageMagick7.1.2-18unaffected
ImageMagickImageMagick0 < 6.9.13-43affected
ImageMagickImageMagick6.9.13-43unaffected

Weaknesses

  • CWE-401: Missing Release of Memory after Effective Lifetime

References