Skip to main content

ImageMagick CVE-2026-56362

| EUVDEUVD-2026-42259 LOW
Out-of-bounds Read (CWE-125)
2026-07-08 disclosure@vulncheck.com GHSA-m366-rhm3-cx89
2.1
CVSS 4.0 · Vendor: vulncheck

Severity by source

Vendor (vulncheck) PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
3.3 LOW

High privileges and precise allocation-failure timing required; impacts limited to partial heap read and minor availability disruption with no integrity effect.

3.1 AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L
4.0 AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (vulncheck).

CVSS VectorVendor: vulncheck

CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jul 08, 2026 - 15:07 vuln.today
Patch available
Jul 08, 2026 - 15:01 EUVD

DescriptionCVE.org

ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex caused by OpenPixelCache updating image channel metadata before pixel cache memory allocation. Attackers can trigger memory and disk allocation failures to cause a heap-buffer-overflow read affecting any writer calling GetPixelIndex.

AnalysisAI

Heap-buffer-overflow read in ImageMagick's GetPixelIndex function exposes limited heap memory contents and can cause partial availability impact in affected 6.x and 7.x branches before the patched releases. The root cause is a metadata-allocation race in OpenPixelCache, which updates image channel metadata before confirming successful pixel cache memory allocation, leaving GetPixelIndex to operate on stale channel counts. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain high-privilege access to image processor
Delivery
Submit resource-exhausting crafted image
Exploit
Induce memory or disk allocation failure during OpenPixelCache
Execution
Channel metadata updates before allocation completes
Persist
GetPixelIndex reads out-of-bounds heap region
Impact
Partial heap data disclosure or processing crash

Vulnerability AssessmentAI

Exploitation Exploitation requires high privilege access to the ImageMagick processing context (PR:H per CVSS 4.0 vector) and the ability to create or influence memory or disk allocation failures on the target system (AT:P - a specific precondition). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 2.1 accurately reflects a low-priority issue. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A high-privilege user on a shared image processing service submits a crafted image while simultaneously exhausting available memory or disk space on the host, causing OpenPixelCache's pixel buffer allocation to fail after channel metadata has already been updated. GetPixelIndex then performs an out-of-bounds heap read using the stale channel count, potentially leaking a small amount of adjacent heap memory to the caller or crashing the processing thread. …
Remediation Upgrade ImageMagick to version 7.1.2-15 or later on the 7.x branch, or to version 6.9.13-40 or later on the legacy 6.x branch. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2017-15277 MEDIUM POC
6.5 Oct 12

ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when proc

CVE-2016-5841 CRITICAL POC
9.8 Dec 13

Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of serv

CVE-2016-3717 MEDIUM POC
5.5 May 05

The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files vi

CVE-2016-5118 CRITICAL
9.8 Jun 10

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbit

CVE-2016-5689 CRITICAL POC
9.8 Dec 13

The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact b

CVE-2016-5690 CRITICAL POC
9.8 Dec 13

The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to

CVE-2016-5691 CRITICAL POC
9.8 Dec 13

The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact b

CVE-2017-14138 CRITICAL POC
9.8 Sep 04

ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in cer

CVE-2026-23876 CRITICAL POC
9.8 Jan 20

Heap buffer overflow in ImageMagick's XBM image decoder (ReadXBMImage) lets remote attackers write attacker-controlled d

CVE-2023-34152 CRITICAL POC
9.8 May 30

A vulnerability was found in ImageMagick. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable

CVE-2019-19952 CRITICAL POC
9.8 Dec 24

In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to R

CVE-2018-14551 CRITICAL POC
9.8 Jul 23

The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory cor

Share

CVE-2026-56362 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy