CVE-2026-56366

LOW

ImageMagick - Memory Leak in META Reader APP1JPEG Error Path

Title source: cna
STIX 2.1

Description

ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion.

References (2)

Core 2
Core References
Vendor Advisory vendor-advisory
GitHub Security Advisory (GHSA-9r56-3gjq-hqf7)
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9r56-3gjq-hqf7
Third Party Advisory third-party-advisory
VulnCheck Advisory: ImageMagick - Memory Leak in META Reader APP1JPEG Error Path
https://www.vulncheck.com/advisories/imagemagick-memory-leak-in-meta-reader-app1jpeg-error-path

Scores

CVSS v3 3.3
EPSS 0.0010
EPSS Percentile 1.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Details

CWE
CWE-401
Status published
Products (5)
ImageMagick/ImageMagick < 6.9.13-43
imagemagick/imagemagick < 6.9.13-43
ImageMagick/ImageMagick < 7.1.2-18
ImageMagick/ImageMagick 6.9.13-43
ImageMagick/ImageMagick 7.1.2-18
Published Jul 10, 2026
Tracked Since Jul 10, 2026