Off-by-One Error in ImageMagick Morphology Processing
CVE-2026-56361
4.8MEDIUM
What is CVE-2026-56361?
An off-by-one error in the morphology validation of ImageMagick prior to version 7.1.2-19 can lead to out-of-bounds heap buffer reads. This vulnerability allows attackers to exploit the software by supplying invalid morphology parameters, resulting in memory access violations that can cause a heap buffer overflow. Proper sanitation of inputs is crucial to mitigate the risks associated with this flaw, as it potentially allows for unauthorized access to sensitive memory areas.
Affected Version(s)
ImageMagick 0 < 7.1.2-19
ImageMagick 0 < 6.9.13-44
ImageMagick 7.1.2-19