CVE-2026-61870
2.1
CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Summary
ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory allocation fails. Attackers can trigger allocation failures by processing specially crafted VIFF images to exhaust available memory and cause denial of service.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ImageMagick | ImageMagick | 0 < 7.1.2-26 | affected |
| ImageMagick | ImageMagick | 7.1.2-26 | unaffected |
| ImageMagick | ImageMagick | 0 < 6.9.13-51 | affected |
| ImageMagick | ImageMagick | 6.9.13-51 | unaffected |
Weaknesses
- CWE-401: Missing Release of Memory after Effective Lifetime
References
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-m596-67p7-69wh
- https://www.vulncheck.com/advisories/imagemagick-before-26-memory-leak-via-viff-encoder
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.