CVE-2026-56366
LOWImageMagick - Memory Leak in META Reader APP1JPEG Error Path
Title source: cnaDescription
ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
GitHub Security Advisory (GHSA-9r56-3gjq-hqf7)
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9r56-3gjq-hqf7
Third Party Advisory third-party-advisory
VulnCheck Advisory: ImageMagick - Memory Leak in META Reader APP1JPEG Error Path
https://www.vulncheck.com/advisories/imagemagick-memory-leak-in-meta-reader-app1jpeg-error-path
Scores
CVSS v3
3.3
EPSS
0.0010
EPSS Percentile
1.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Details
CWE
CWE-401
Status
published
Products (5)
ImageMagick/ImageMagick
< 6.9.13-43
imagemagick/imagemagick
< 6.9.13-43
ImageMagick/ImageMagick
< 7.1.2-18
ImageMagick/ImageMagick
6.9.13-43
ImageMagick/ImageMagick
7.1.2-18
Published
Jul 10, 2026
Tracked Since
Jul 10, 2026