CVE Catalog

CVE-2026-56367

Low · CVSS 3.7

Exploitation Probability (EPSS)

Low risk
0.19%

9th percentile — higher than 9% of all known CVEs

Summary

An integer overflow in the PSB (PSD v2) RLE decoding path (ReadPSDChannelRLE in coders/psd.c) in ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 causes a heap out-of-bounds read on 32-bit builds, potentially leading to information disclosure or a crash.

Risk Assessment

On affected 32-bit builds, processing a crafted PSB file may disclose sensitive data from memory or crash the process, causing a denial of service.

Recommendation

Upgrade ImageMagick to version 7.1.2-15 or later (for the 7.x branch) or to version 6.9.13-40 or later (for the 6.9.x branch) immediately.

Original NVD description (English source)

ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB (PSD v2) RLE decoding path (ReadPSDChannelRLE in coders/psd.c) that causes a heap out-of-bounds read on 32-bit builds. Processing a crafted PSB file can lead to information disclosure or a crash.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS