Skip to main content

ImageMagick CVE-2026-56364

| EUVDEUVD-2026-40447 LOW
Memory Leak (CWE-401)
2026-06-30 VulnCheck GHSA-9gjp-pj3g-87pq
1.8
CVSS 4.0 · Vendor: VulnCheck

Severity by source

Vendor (VulnCheck) PRIMARY
1.8 LOW
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
1.9 LOW

Local-only attack (AV:L), write access to cache directory required (PR:H), crafted XML needed (AC:H); only low availability impact, no C or I.

3.1 AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
4.0 AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 30, 2026 - 23:34 vuln.today

DescriptionCVE.org

ImageMagick before 7.1.2-13 contains a memory leak vulnerability in LoadOpenCLDeviceBenchmark() function when parsing malformed OpenCL device profile XML files with unclosed device elements. Attackers with write access to the OpenCL cache directory can place malicious XML files to exhaust memory and cause denial of service.

AnalysisAI

Memory exhaustion denial of service in ImageMagick before 7.1.2-13 allows a local attacker with write access to the OpenCL cache directory to crash the application by placing malformed XML files that trigger an unpatched memory leak in LoadOpenCLDeviceBenchmark(). The root cause is CWE-401: memory allocated during XML parsing of unclosed device elements is never freed, enabling a resource exhaustion attack. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local write access to OpenCL cache directory
Delivery
Craft malformed XML with unclosed device elements
Exploit
Place file in ImageMagick cache path
Execution
Trigger ImageMagick operation loading OpenCL profile
Persist
Memory leak exhausts heap
Impact
ImageMagick process crashes (DoS)

Vulnerability AssessmentAI

Exploitation Exploitation requires three concurrent conditions, all of which must be satisfied simultaneously. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 1.8 is consistent with the attack profile and accurately reflects minimal real-world risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local attacker who has gained write access to the OpenCL cache directory - perhaps through a misconfigured shared-hosting environment, a co-located container with a mounted cache volume, or a partially-compromised local account - places a crafted XML file containing malformed, unclosed OpenCL device elements. When ImageMagick subsequently performs any operation that loads the OpenCL benchmark profile, the memory leak is triggered; if the attacker can force repeated reloads (e.g., via a script that invokes ImageMagick in a loop), heap exhaustion causes the ImageMagick process or the hosting application (e.g., a PHP image-processing pipeline) to terminate. …
Remediation Upgrade ImageMagick to version 7.1.2-13 or later, which incorporates the fix from upstream commit a52c1b402be08ef8ae193f28ac5b2e120f2fa26f (https://github.com/ImageMagick/ImageMagick/commit/a52c1b402be08ef8ae193f28ac5b2e120f2fa26f). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2017-15277 MEDIUM POC
6.5 Oct 12

ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when proc

CVE-2016-5841 CRITICAL POC
9.8 Dec 13

Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of serv

CVE-2016-3717 MEDIUM POC
5.5 May 05

The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files vi

CVE-2016-5118 CRITICAL
9.8 Jun 10

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbit

CVE-2016-5689 CRITICAL POC
9.8 Dec 13

The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact b

CVE-2016-5690 CRITICAL POC
9.8 Dec 13

The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to

CVE-2016-5691 CRITICAL POC
9.8 Dec 13

The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact b

CVE-2017-14138 CRITICAL POC
9.8 Sep 04

ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in cer

CVE-2026-23876 CRITICAL POC
9.8 Jan 20

Heap buffer overflow in ImageMagick's XBM image decoder (ReadXBMImage) lets remote attackers write attacker-controlled d

CVE-2023-34152 CRITICAL POC
9.8 May 30

A vulnerability was found in ImageMagick. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable

CVE-2019-19952 CRITICAL POC
9.8 Dec 24

In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to R

CVE-2018-14551 CRITICAL POC
9.8 Jul 23

The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory cor

Share

CVE-2026-56364 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy