CVE-2026-56364

LOW

ImageMagick - Memory Leak in LoadOpenCLDeviceBenchmark() via Malformed XML

Title source: cna

Description

ImageMagick before 7.1.2-13 contains a memory leak vulnerability in the LoadOpenCLDeviceBenchmark() function, triggered when it parses malformed OpenCL device profile XML files with unclosed device elements. Attackers with write access to the OpenCL cache directory can place malicious XML files there to exhaust memory and cause denial of service.

References (3)

Core References
Vendor Advisory vendor-advisory
GitHub Security Advisory (GHSA-qp59-x883-77qv)
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp59-x883-77qv
Third Party Advisory third-party-advisory
VulnCheck Advisory: ImageMagick - Memory Leak in LoadOpenCLDeviceBenchmark() via Malformed XML
https://www.vulncheck.com/advisories/imagemagick-memory-leak-in-loadopencldevicebenchmark-via-malformed-xml

Scores

CVSS v3 1.9
EPSS 0.0012
EPSS Percentile 2.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-401
Status published
Products (3)
ImageMagick/ImageMagick < 7.1.2-13
imagemagick/imagemagick < 7.1.2-13
ImageMagick/ImageMagick 7.1.2-13
Published Jun 30, 2026
Tracked Since Jul 01, 2026