Memory Leak Vulnerability in ImageMagick Products by ImageMagick
CVE-2026-56364

1.8LOW

Key Information:

Vendor
CVE Published:
30 June 2026

What is CVE-2026-56364?

ImageMagick prior to version 7.1.2-13 is susceptible to a memory leak vulnerability within the LoadOpenCLDeviceBenchmark() function. This issue arises when the software processes malformed OpenCL device profile XML files containing unclosed device elements. Attackers with write permissions to the OpenCL cache directory can exploit this flaw by introducing crafted XML files, leading to excessive memory consumption and potential denial of service.

Affected Version(s)

ImageMagick 0 < 7.1.2-13

ImageMagick 7.1.2-13

References

CVSS V4

Score:
1.8
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Keryer
.