CVE Catalog

CVE-2026-56363

Low · CVSS 3.3

Exploitation Probability (EPSS)

Low risk
0.11%

2nd percentile (higher than 2% of all known CVEs)

Summary

In ImageMagick before version 7.1.2-22, a division by zero vulnerability exists in binomial kernel processing. An attacker can supply a large binomial kernel value causing integer overflow, resulting in division by zero and application crash.

Risk Assessment

The risk is denial of service (DoS): a crafted image can crash the application, potentially disrupting services.

Recommendation

Immediately upgrade ImageMagick to version 7.1.2-22 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

ImageMagick before 7.1.2-22 contains a division by zero vulnerability in binomial kernel processing that allows attackers to cause denial of service. An attacker can supply a large binomial kernel value causing integer overflow, resulting in division by zero and application crash.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS