CVE Catalog

CVE-2026-55510

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.10%

1th percentile — higher than 1% of all known CVEs

Summary

In ImageMagick prior to versions 6.9.13-51 and 7.1.2-26, a use-after-free vulnerability occurs when identifying an image with a crafted 8BIM profile containing a specific format string. The issue is fixed in the mentioned versions.

Risk Assessment

An attacker can remotely cause application crashes or potentially execute arbitrary code, leading to compromise of system confidentiality, integrity, and availability.

Recommendation

Immediately update ImageMagick to version 6.9.13-51 or 7.1.2-26 or later. If updating is not possible, restrict image processing to trusted sources.

Original NVD description (English source)

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when identifying an image with a crafted 8BIM profile with a specific format string a use-after-free will occur. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS