CVE-2026-56374

Summary

ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the FTXT encoder due to missing boundary checks when parsing ftxt:format. Remote attackers can trigger an out of bounds read by crafting malicious FTXT image files to cause denial of service or information disclosure.

Affected Software

VendorProductVersion RangeStatus
ImageMagickImageMagick0 < 7.1.2-19affected
ImageMagickImageMagick7.1.2-19unaffected

Weaknesses

  • CWE-125: Out-of-bounds Read

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References