CVE-2026-61867

Summary

ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the TIFF encoder when memory allocation fails. Attackers can trigger allocation failures during TIFF image processing to cause memory exhaustion and denial of service.

Affected Software

VendorProductVersion RangeStatus
ImageMagickImageMagick0 < 7.1.2-26affected
ImageMagickImageMagick7.1.2-26unaffected

Weaknesses

  • CWE-401: Missing Release of Memory after Effective Lifetime

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References