CVE Catalog

CVE-2026-56376

Low · CVSS 3.7

Exploitation Probability (EPSS)

Low risk
0.27%

18th percentile — higher than 18% of all known CVEs

Summary

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a use-after-free vulnerability in the meta coder. When memory allocation fails, a single byte is written to a stale pointer, potentially leading to denial of service.

Risk Assessment

Remote attackers can exploit this vulnerability by getting ImageMagick to process specially crafted image files, resulting in denial of service. This may affect the availability of applications that use ImageMagick.

Recommendation

Update ImageMagick to version 7.1.2-15 or later, or on the 6.x branch to 6.9.13-40 or later, to mitigate this vulnerability.

Original NVD description (English source)

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-free in the meta coder: when memory allocation fails, a single byte is written to a stale pointer. Remote attackers can trigger it by processing specially crafted image files, causing a denial of service.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS