Home

Description

ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion.

PUBLISHED Reserved 2026-06-21 | Published 2026-07-10 | Updated 2026-07-14 | Assigner VulnCheck




MEDIUM: 4.8CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
LOW: 3.3CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Problem types

Missing Release of Memory after Effective Lifetime

Product status

Default status
unaffected

Any version before 7.1.2-18
affected

7.1.2-18 (semver)
unaffected

Default status
unaffected

Any version before 6.9.13-43
affected

6.9.13-43 (semver)
unaffected

Credits

unbengable12 reporter

References

github.com/...Magick/security/advisories/GHSA-9r56-3gjq-hqf7 (GitHub Security Advisory (GHSA-9r56-3gjq-hqf7)) vendor-advisory

www.vulncheck.com/...leak-in-meta-reader-app1jpeg-error-path (VulnCheck Advisory: ImageMagick - Memory Leak in META Reader APP1JPEG Error Path) third-party-advisory

cve.org (CVE-2026-56366)

nvd.nist.gov (CVE-2026-56366)

Download JSON