CVE-2026-56367
CVSS 3.7 (Low)
Exploitation Probability (EPSS): Low risk, 9th percentile (higher than 9% of all known CVEs)
Summary
An integer overflow in the PSB (PSD v2) RLE decoding path (ReadPSDChannelRLE in coders/psd.c) in ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 causes a heap out-of-bounds read on 32-bit builds, potentially leading to information disclosure or a crash.
Risk Assessment
Processing a crafted PSB file may disclose sensitive data from process memory or crash the process, resulting in a denial of service.
Recommendation
Upgrade ImageMagick to version 7.1.2-15 or later (for the 7.x branch) or to version 6.9.13-40 or later (for the 6.9.x branch) immediately.
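The version check implied by this recommendation, as an added example (not code from NVD or the ImageMagick project). It assumes the version string has the `7.1.2-14` form printed on the first line of `magick -version`, and that the caller already knows whether the build is 32-bit; the host names and banners are constructed samples.

```python
import re

# Fixed releases as stated on this page.
FIXED_7X = (7, 1, 2, 15)
FIXED_69X = (6, 9, 13, 40)

# Matches "7.1.2-14" inside a banner such as the first line of `magick -version`.
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(text):
    """Return (major, minor, patch, release) from a banner or bare version string."""
    m = _VERSION.search(text)
    if m is None:
        raise ValueError(f"no ImageMagick version found in {text!r}")
    return tuple(int(g) for g in m.groups())


def is_patched(version):
    """6.9.x is fixed from 6.9.13-40; every other line needs 7.1.2-15 or later."""
    if version[:2] == (6, 9):
        return version >= FIXED_69X
    return version >= FIXED_7X


def triage(banner, is_32bit_build):
    """Classify one installation; is_32bit_build is supplied by the caller."""
    if is_patched(parse_version(banner)):
        return "patched"
    # The out-of-bounds read is reported for 32-bit builds only; an unpatched
    # build of any other width still needs the upgrade but ranks lower.
    return "affected-32bit" if is_32bit_build else "unpatched"


# Constructed sample inventory: (host, version banner, 32-bit build?)
SAMPLE = [
    ("thumb-01", "Version: ImageMagick 7.1.2-14 Q16-HDRI i686", True),
    ("thumb-02", "Version: ImageMagick 6.9.13-40 Q16 i686", True),
    ("web-07", "Version: ImageMagick 7.1.1-47 Q16-HDRI x86_64", False),
]

if __name__ == "__main__":
    for host, banner, is32 in SAMPLE:
        print(f"{host}: {triage(banner, is32)}")
```

Tuple comparison keeps the components numeric, so 7.1.10-0 correctly sorts after 7.1.2-15, which a plain string comparison would get wrong.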
Original NVD description (English source)
ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB (PSD v2) RLE decoding path (ReadPSDChannelRLE in coders/psd.c) that causes a heap out-of-bounds read on 32-bit builds. Processing a crafted PSB file can lead to information disclosure or a crash.

