CVE-2026-56368

Summary

ImageMagick before 7.1.2-15 contains a memory leak vulnerability in multiple coders that write raw pixel data where allocated objects are not properly freed. Attackers can trigger this leak by processing specially crafted images, causing memory exhaustion and denial of service.

Affected Software

VendorProductVersion RangeStatus
ImageMagickImageMagick0 < 7.1.2-15affected
ImageMagickImageMagick7.1.2-15unaffected
ImageMagickImageMagick0 < 6.9.13-40affected
ImageMagickImageMagick6.9.13-40unaffected

Weaknesses

  • CWE-401: Missing Release of Memory after Effective Lifetime

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References