CVE-2026-56364
LOW
ImageMagick - Memory Leak in LoadOpenCLDeviceBenchmark() via Malformed XML
Title source: cna
Description
ImageMagick before 7.1.2-13 contains a memory leak in the LoadOpenCLDeviceBenchmark() function when parsing malformed OpenCL device profile XML files with unclosed device elements. Attackers with write access to the OpenCL cache directory can place malicious XML files there to exhaust memory and cause denial of service.
References (3)
Core References
Vendor Advisory
GitHub Security Advisory (GHSA-qp59-x883-77qv)
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp59-x883-77qv
Patch
https://github.com/ImageMagick/ImageMagick/commit/a52c1b402be08ef8ae193f28ac5b2e120f2fa26f
Third Party Advisory
VulnCheck Advisory: ImageMagick - Memory Leak in LoadOpenCLDeviceBenchmark() via Malformed XML
https://www.vulncheck.com/advisories/imagemagick-memory-leak-in-loadopencldevicebenchmark-via-malformed-xml
Scores
CVSS v3
1.9
EPSS
0.0012
EPSS Percentile
2.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-401
Status
published
Products (3)
ImageMagick/ImageMagick
< 7.1.2-13
imagemagick/imagemagick
< 7.1.2-13
ImageMagick/ImageMagick
7.1.2-13
Published
Jun 30, 2026
Tracked Since
Jul 01, 2026