Off-by-One Error in ImageMagick Morphology Processing
CVE-2026-56361

4.8MEDIUM

Key Information:

Vendor
CVE Published:
30 June 2026

What is CVE-2026-56361?

An off-by-one error in the morphology validation of ImageMagick prior to version 7.1.2-19 can lead to out-of-bounds heap buffer reads. This vulnerability allows attackers to exploit the software by supplying invalid morphology parameters, resulting in memory access violations that can cause a heap buffer overflow. Proper sanitation of inputs is crucial to mitigate the risks associated with this flaw, as it potentially allows for unauthorized access to sensitive memory areas.

Affected Version(s)

ImageMagick 0 < 7.1.2-19

ImageMagick 0 < 6.9.13-44

ImageMagick 7.1.2-19

References

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

shitianyu-2004
.