Integer Overflow Vulnerability in ImageMagick Affects RLE Decoding
CVE-2026-56367
6.3 MEDIUM
What is CVE-2026-56367?
ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 are susceptible to an integer overflow in the PSB (Photoshop v2) RLE decoding process. The flaw is in the ReadPSDChannelRLE function and can result in a heap out-of-bounds read, particularly on 32-bit builds. By supplying a specially crafted PSB file, an attacker may be able to gain unauthorized information or cause a crash, putting applications that rely on this widely used software at risk.
Affected Version(s)
ImageMagick 0 < 7.1.2-15
ImageMagick 0 < 6.9.13-40
ImageMagick 7.1.2-15
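
To check an inventory against the fixed releases named above, the following added example (not part of the original advisory or of ImageMagick) classifies `-version` banners. It compares version parts as integers, so 6.9.13-9 is correctly treated as older than 6.9.13-40. The host names and banner lines are constructed samples, and unreadable banners are reported rather than assumed safe.

```python
import re

# Fixed releases taken from the advisory text, one per release line.
FIXED_7 = (7, 1, 2, 15)
FIXED_6 = (6, 9, 13, 40)

# Matches the "ImageMagick X.Y.Z-N" token printed by `magick -version`
# (ImageMagick 7) or `convert -version` (ImageMagick 6).
_VERSION_RE = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(banner):
    """Return (major, minor, patch, revision) as ints, or None if absent."""
    match = _VERSION_RE.search(banner)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(banner):
    """Classify one version banner as 'affected', 'fixed' or 'unknown'."""
    version = parse_version(banner)
    if version is None:
        return "unknown"  # do not assume safe when the banner cannot be parsed
    # 7.x and later are compared with the 7.x fix, anything older with the 6.x fix.
    fixed = FIXED_7 if version[0] >= 7 else FIXED_6
    # Tuple comparison is numeric per field: (6, 9, 13, 9) < (6, 9, 13, 40).
    return "affected" if version < fixed else "fixed"


def hosts_to_patch(inventory):
    """Return names whose banner is affected or unreadable, in input order."""
    return [name for name, banner in inventory if classify(banner) != "fixed"]


# Constructed inventory: host names and banners are made up for this example.
SAMPLE_INVENTORY = [
    ("img-worker-1", "Version: ImageMagick 7.1.2-14 Q16-HDRI x86_64 https://imagemagick.org"),
    ("img-worker-2", "Version: ImageMagick 7.1.2-15 Q16-HDRI x86_64 https://imagemagick.org"),
    ("legacy-cms", "Version: ImageMagick 6.9.13-9 Q16 i686 https://legacy.imagemagick.org"),
    ("thumbs-old", "Version: ImageMagick 6.9.13-40 Q16 x86_64 https://legacy.imagemagick.org"),
    ("unknown-box", "convert: command not found"),
]

if __name__ == "__main__":
    for name, banner in SAMPLE_INVENTORY:
        print(f"{name}: {classify(banner)}")
```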