Heap Buffer Overflow in ImageMagick Affects OpenPixelCache Functionality
CVE-2026-56362
2.1LOW
What is CVE-2026-56362?
ImageMagick versions prior to 7.1.2-15 are susceptible to a heap-buffer-overflow read vulnerability within the GetPixelIndex function. This issue arises when OpenPixelCache updates image channel metadata ahead of memory allocation for the pixel cache, potentially leading to memory and disk allocation failures. An attacker could exploit this vulnerability to invoke a heap-buffer-overflow read, affecting any operations that rely on GetPixelIndex.
Affected Version(s)
ImageMagick 0 < 7.1.2-15
ImageMagick 0 < 6.9.13-40
ImageMagick 7.1.2-15