CVE-2026-56379

0.0
CVSS 3.1
Description
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbitrary MVG drawing commands. Attackers can craft malicious SVG files with injected Magick Vector Graphics commands that execute during rendering.

Metadata

CVE ID
CVE-2026-56379
State
PUBLISHED
Assigner
VulnCheck
Reserved
2026-06-21 02:05 UTC
Published
2026-06-23 12:13 UTC
Last updated
2026-06-23 13:58 UTC
Primary CWE
CWE-116
Improper Encoding or Escaping of Output
Vendor / Product
ImageMagick / ImageMagick
Sources
cve.org  ·  NVD

Severity & Metrics

0.0 N/D CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
SSVC — CISA Coordinator
Exploitation
none
Automatable
yes
Tech. Impact
partial
Affected products (2)
Vendor | Product | Platform | Versions
ImageMagick | ImageMagick | | 0 < 7.1.2-15, 7.1.2-15
ImageMagick | ImageMagick | | 0 < 6.9.13-40, 6.9.13-40
Weakness (CWE)
CWE | Source | Description
CWE-116 | cna | Improper Encoding or Escaping of Output
CVSS scores (2)
Score | Severity | Version | Source | Vector
0.0 | N/D | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N
0.0 | N/D | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
References (2)