CVE Catalog

CVE-2026-56365

LowCVSS 3.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile — higher than 20% of all known CVEs

Summary

A memory leak vulnerability in ImageMagick before version 7.1.2-19 exists in the PNG encoder when writing MNG images. Attackers can trigger the encoder failure condition to exhaust memory resources and cause denial of service.

Risk Assessment

The risk is that an attacker can remotely exhaust server memory, leading to unavailability of image processing services.

Recommendation

Immediately update ImageMagick to version 7.1.2-19 or later, which fixes this vulnerability.

Original NVD description (English source)

ImageMagick before 7.1.2-19 contains a memory leak vulnerability in the PNG encoder when writing MNG images. Attackers can trigger the encoder failure condition to exhaust memory resources and cause denial of service.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS