CVE-2026-56362
LOWImageMagick - Heap-buffer-overflow Read in GetPixelIndex via OpenPixelCache Metadata Desynchronization
Title source: cnaDescription
ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex caused by OpenPixelCache updating image channel metadata before pixel cache memory allocation. Attackers can trigger memory and disk allocation failures to cause a heap-buffer-overflow read affecting any writer calling GetPixelIndex.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
GitHub Security Advisory (GHSA-gq5v-qf8q-fp77)
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gq5v-qf8q-fp77
Third Party Advisory third-party-advisory
VulnCheck Advisory: ImageMagick - Heap-buffer-overflow Read in GetPixelIndex via OpenPixelCache Metadata Desynchronization
https://www.vulncheck.com/advisories/imagemagick-heap-buffer-overflow-read-in-getpixelindex-via-openpixelcache-metadata-desynchronization
Scores
CVSS v3
3.3
EPSS
0.0019
EPSS Percentile
8.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-125
Status
published
Products (5)
ImageMagick/ImageMagick
< 6.9.13-40
imagemagick/imagemagick
< 6.9.13-40
ImageMagick/ImageMagick
< 7.1.2-15
ImageMagick/ImageMagick
6.9.13-40
ImageMagick/ImageMagick
7.1.2-15
Published
Jul 08, 2026
Tracked Since
Jul 08, 2026