Memory Leak Vulnerability in ImageMagick Products by ImageMagick
CVE-2026-56364
1.8LOW
What is CVE-2026-56364?
ImageMagick prior to version 7.1.2-13 is susceptible to a memory leak vulnerability within the LoadOpenCLDeviceBenchmark() function. This issue arises when the software processes malformed OpenCL device profile XML files containing unclosed device elements. Attackers with write permissions to the OpenCL cache directory can exploit this flaw by introducing crafted XML files, leading to excessive memory consumption and potential denial of service.
Affected Version(s)
ImageMagick 0 < 7.1.2-13
ImageMagick 7.1.2-13