CVE-2026-56368 | ImageMagick before 7.1.2-15 contains a memory leak vulnerabi… | CVSS 3.7 LOW

Description

ImageMagick before 7.1.2-15 contains a memory leak vulnerability in multiple coders that write raw pixel data where allocated objects are not properly freed. Attackers can trigger this leak by processing specially crafted images, causing memory exhaustion and denial of service.

Metadata

CVE ID: CVE-2026-56368
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-06-21 02:05 UTC
Published: 2026-06-24 11:53 UTC
Last updated: 2026-06-24 13:40 UTC
Primary CWE: CWE-401
Missing Release of Memory after Effective Lifetime
Vendor / Product: ImageMagick / ImageMagick
Sources: cve.org · NVD

Severity & Metrics

3.7 LOW CVSS 3.1

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (2)

Vendor	Product	Platform	Versions
ImageMagick	ImageMagick	—	0 < 7.1.2-15, 7.1.2-15
ImageMagick	ImageMagick	—	0 < 6.9.13-40, 6.9.13-40

Weakness (CWE)

CWE	Source	Description
CWE-401	cna	Missing Release of Memory after Effective Lifetime

CVSS scores (2)

Score	Severity	Version	Source	Vector
6.3	MEDIUM	4.0	cna	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3.7	LOW	3.1	cna	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

References (2)

GitHub Security Advisory (GHSA-wfx3-6g53-9fgc) https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wfx3-6g53-9fgc
VulnCheck Advisory: ImageMagick - Memory Leak in Raw Pixel Data Coders https://www.vulncheck.com/advisories/imagemagick-memory-leak-in-raw-pixel-data-coders