Heap Buffer Overflow in ImageMagick Affects OpenPixelCache Functionality
CVE-2026-56362

2.1LOW

Key Information:

Vendor
CVE Published:
8 July 2026

What is CVE-2026-56362?

ImageMagick versions prior to 7.1.2-15 are susceptible to a heap-buffer-overflow read vulnerability within the GetPixelIndex function. This issue arises when OpenPixelCache updates image channel metadata ahead of memory allocation for the pixel cache, potentially leading to memory and disk allocation failures. An attacker could exploit this vulnerability to invoke a heap-buffer-overflow read, affecting any operations that rely on GetPixelIndex.

Affected Version(s)

ImageMagick 0 < 7.1.2-15

ImageMagick 0 < 6.9.13-40

ImageMagick 7.1.2-15

References

CVSS V4

Score:
2.1
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ylwango613
.