Infinite Loop Vulnerability in ImageMagick Software by ImageMagick
CVE-2026-55595

4.7MEDIUM

Key Information:

Vendor
CVE Published:
1 July 2026

What is CVE-2026-55595?

ImageMagick, a popular free and open-source software for editing and manipulating digital images, has a vulnerability that causes an infinite loop when invalid arguments are provided to the connected-components option. This flaw impacts versions prior to 6.9.13-51 and 7.1.2-26 and has the potential to disrupt normal operations. Users are encouraged to update to the latest versions to mitigate this issue and ensure the security and stability of their image processing tasks.

Affected Version(s)

ImageMagick >= 7.0.1-0, < 7.1.2-26 < 7.0.1-0, 7.1.2-26

ImageMagick < 6.9.13-51 < 6.9.13-51

References

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.