ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion.

Project Subscriptions

Vendors Products
Imagemagick Subscribe
Imagemagick Subscribe
Advisories
Source ID Title
Debian DLA Debian DLA DLA-4680-1 imagemagick security update
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 14 Jul 2026 02:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 11 Jul 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-772
References
Metrics threat_severity

None

threat_severity

Low


Fri, 10 Jul 2026 14:45:00 +0000

Type Values Removed Values Added
Description ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion.
Title ImageMagick - Memory Leak in META Reader APP1JPEG Error Path
First Time appeared Imagemagick
Imagemagick imagemagick
Weaknesses CWE-401
CPEs cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
Vendors & Products Imagemagick
Imagemagick imagemagick
References
Metrics cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L'}

cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-07-14T01:45:51.729Z

Reserved: 2026-06-21T02:05:21.919Z

Link: CVE-2026-56366

cve-icon Vulnrichment

Updated: 2026-07-14T01:45:48.384Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Low

Publid Date: 2026-07-10T13:57:58Z

Links: CVE-2026-56366 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-07-13T20:00:05Z

Weaknesses