ImageMagick – Memory Leak in Raw Pixel Data Coders

6.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Description

ImageMagick before 7.1.2-15 contains a memory leak vulnerability in multiple coders that write raw pixel data where allocated objects are not properly freed. Attackers can trigger this leak by processing specially crafted images, causing memory exhaustion and denial of service.

Basic Information

ID CVE-2026-56368

Source VulnCheck

Published Jun 24, 2026 at 11:53

Affected Product

Vendor ImageMagick

Product ImageMagick

Affected Versions ImageMagick ImageMagick 0
ImageMagick ImageMagick 0

CWE Classification

CWE-401

References

{
    "lastseen": "",
    "description": "ImageMagick before 7.1.2-15 contains a memory leak vulnerability in multiple coders that write raw pixel data where allocated objects are not properly freed. Attackers can trigger this leak by processing specially crafted images, causing memory exhaustion and denial of service.",
    "published": "2026-06-24T11:53:20.423Z",
    "modified": "2026-06-24T11:53:20.423Z",
    "type": "cve",
    "title": "ImageMagick - Memory Leak in Raw Pixel Data Coders",
    "source": "VulnCheck",
    "references": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wfx3-6g53-9fgc\nhttps://www.vulncheck.com/advisories/imagemagick-memory-leak-in-raw-pixel-data-coders",
    "id": "CVE-2026-56368",
    "bulletinFamily": "",
    "cwe": [
        "CWE-401"
    ],
    "cvelist": null,
    "sourceData": "ImageMagick ImageMagick 0\nImageMagick ImageMagick 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ImageMagick",
    "version": "0",
    "vendor": "ImageMagick",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

ImageMagick – Memory Leak in Raw Pixel Data Coders_CVE-2026-56368