CVE-2026-56378
Severity: Low (CVSS 3.7)
Exploitation Probability (EPSS): Low risk, 9th percentile (higher than 9% of all known CVEs)
Summary
A vulnerability in ImageMagick before version 7.1.2-15 (and 6.x before 6.9.13-40) causes a heap out-of-bounds read in the DecodeImage loop of the PCD coder. A specially crafted PCD file can trigger a one-byte heap out-of-bounds read during image decoding, leading to denial of service and potential disclosure of an adjacent heap byte.
Risk Assessment
The risk includes service disruption (denial of service) and potential memory data leakage from the heap, which may compromise the confidentiality of information within the organization.
Recommendation
Update ImageMagick immediately to version 7.1.2-15 or later (on the 6.x branch, to 6.9.13-40 or later). Additionally, restrict processing of PCD files from untrusted sources.
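To apply the recommendation across hosts, the following added example (not code from ImageMagick or from this advisory) classifies a version banner against the two fixed releases named above. The function names and the `--local` switch are assumptions made for illustration, and branches other than 6.x and 7.x are reported as unknown.

```bash
#!/usr/bin/env bash
# Added example, not ImageMagick project code. Classifies a version string
# against the fixed releases named on this page: 7.1.2-15 and 6.9.13-40.

# Extract "major minor micro patch" from a banner or bare version string.
im_version_fields() {
  printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+-[0-9]+' | head -n 1 | tr '.-' '  '
}

# Print affected, fixed, or unknown for the given version text.
im_pcd_status() {
  local fields fix have want i
  fields=$(im_version_fields "$1")
  [ -n "$fields" ] || { echo unknown; return 0; }

  # Pick the fixed release for the branch (first field is the major version).
  case "${fields%% *}" in
    6) fix="6 9 13 40" ;;
    7) fix="7 1 2 15" ;;
    *) echo unknown; return 0 ;;   # assumption: other branches are not assessed here
  esac

  # Compare field by field, most significant first.
  i=1
  for want in $fix; do
    have=$(printf '%s\n' "$fields" | cut -d' ' -f"$i")
    if [ "$have" -lt "$want" ]; then echo affected; return 0; fi
    if [ "$have" -gt "$want" ]; then echo fixed; return 0; fi
    i=$((i + 1))
  done
  echo fixed   # exactly the fixed release
}

# Optional stand-alone use: ./check.sh --local queries the installed binary.
if [ "${1:-}" = "--local" ]; then
  im_pcd_status "$(magick -version 2>/dev/null || convert -version 2>/dev/null)"
fi
```

On hosts that cannot be updated yet, one way to restrict PCD processing is a coder policy entry in ImageMagick's policy.xml, for example `<policy domain="coder" rights="none" pattern="{PCD,PCDS}" />`.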
Original NVD description (English source)
ImageMagick before 7.1.2-15 (and 6.x before 6.9.13-40) contains a heap out-of-bounds read in the PCD coder's DecodeImage loop. A crafted PCD file can trigger a one-byte heap out-of-bounds read during image decoding, resulting in denial of service and potential disclosure of an adjacent heap byte.

