CVE-2026-56372
LOWImageMagick - Heap Buffer Overflow Read via Unrecognized Magnify Method
Title source: cnaDescription
ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to read out of bounds memory. An unrecognized magnify:method value triggers an out of bounds read, potentially exposing sensitive information or causing denial of service.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
GitHub Security Advisory (GHSA-8vfj-q2cp-5m5j)
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8vfj-q2cp-5m5j
Third Party Advisory third-party-advisory
VulnCheck Advisory: ImageMagick - Heap Buffer Overflow Read via Unrecognized Magnify Method
https://www.vulncheck.com/advisories/imagemagick-heap-buffer-overflow-read-via-unrecognized-magnify-method
Scores
CVSS v3
3.3
EPSS
0.0012
EPSS Percentile
1.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-122
Status
published
Products (3)
ImageMagick/ImageMagick
< 7.1.2-19
imagemagick/imagemagick
< 7.1.2-19
ImageMagick/ImageMagick
7.1.2-19
Published
Jul 11, 2026
Tracked Since
Jul 11, 2026