CVE-2026-56361
Severity: Low, CVSS 3.3
Exploitation Probability (EPSS): low risk, 3rd percentile (higher than 3% of all known CVEs)
Summary
ImageMagick before version 7.1.2-19 contains an off-by-one error in morphology validation, allowing out-of-bounds heap buffer reads. Attackers can trigger a heap buffer overflow by providing incorrect morphology parameters, causing single pixel memory access violations.
Risk Assessment
The risk includes potential arbitrary code execution or application crash when processing images, which could compromise system confidentiality, integrity, or availability.
Recommendation
It is recommended to immediately upgrade ImageMagick to version 7.1.2-19 or later, which includes a fix for this vulnerability.
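A version check for the upgrade recommended above, as an added example that is not part of the original advisory or of the ImageMagick project: it parses the `Version:` line printed by `magick -version` and compares it field by field against 7.1.2-19. The function names and the sample banners are constructed for illustration.

```shell
# Added example: compare an ImageMagick version banner with the fixed release.
FIXED_VERSION="7.1.2-19"   # first fixed release, taken from the advisory text

# Pull "X.Y.Z-P" out of the "Version: ImageMagick ..." banner line.
im_extract_version() {
  printf '%s\n' "$1" |
    sed -n 's/^Version: ImageMagick \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*-[0-9][0-9]*\).*/\1/p' |
    head -n 1
}

# Return 0 if version $1 is older than version $2, 1 if not, 2 if malformed.
# Fields are compared as numbers, so 7.1.10-2 is newer than 7.1.2-19.
im_version_lt() {
  set -- $(printf '%s %s' "$1" "$2" | tr '.-' '  ')
  [ "$#" -eq 8 ] || return 2
  for _pair in "$1:$5" "$2:$6" "$3:$7" "$4:$8"; do
    _a=${_pair%%:*}
    _b=${_pair##*:}
    [ "$_a" -lt "$_b" ] && return 0
    [ "$_a" -gt "$_b" ] && return 1
  done
  return 1
}

# Print VULNERABLE, PATCHED or UNKNOWN for one banner string.
im_check_banner() {
  _v=$(im_extract_version "$1")
  if [ -z "$_v" ]; then
    echo "UNKNOWN"
  elif im_version_lt "$_v" "$FIXED_VERSION"; then
    echo "VULNERABLE $_v"
  else
    echo "PATCHED $_v"
  fi
}

# Constructed sample banners (not captured from real hosts).
for _banner in \
  "Version: ImageMagick 7.1.2-18 Q16-HDRI x86_64 https://imagemagick.org" \
  "Version: ImageMagick 7.1.2-19 Q16-HDRI x86_64 https://imagemagick.org" \
  "Version: ImageMagick 7.1.10-2 Q16-HDRI x86_64 https://imagemagick.org"; do
  im_check_banner "$_banner"
done

# Check the local install when the magick binary is present.
if command -v magick >/dev/null 2>&1; then
  im_check_banner "$(magick -version)"
fi
```

A 6.x build also compares as older than 7.1.2-19; the advisory names no separate fixed release for that branch.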
Original NVD description (English source)
ImageMagick before 7.1.2-19 contains an off-by-one error in morphology validation allowing out-of-bounds heap buffer reads. Attackers can trigger heap buffer overflow by providing incorrect morphology parameters causing single pixel memory access violations.

