Memory Leak Vulnerability in ImageMagick Affects Multiple Versions
CVE-2026-56366
4.8MEDIUM
What is CVE-2026-56366?
ImageMagick prior to version 7.1.2-18 has a vulnerability that leads to a memory leak within the META reader when processing specifically designed APP1JPEG files. Attackers can exploit this flaw by uploading malicious APP1JPEG images, which can cause a substantial denial of service due to resource exhaustion. This vulnerability poses a significant threat as it can incapacitate the application, affecting overall performance and availability.
Affected Version(s)
ImageMagick 0 < 7.1.2-18
ImageMagick 0 < 6.9.13-43
ImageMagick 7.1.2-18