Out-of-bounds Access Vulnerability in ImageMagick Software
CVE-2026-56370

4.8MEDIUM

Key Information:

Vendor
CVE Published:
24 June 2026

What is CVE-2026-56370?

ImageMagick prior to version 7.1.2-19 is vulnerable to an out-of-bounds access flaw in the ConnectedComponentsImage() function. This vulnerability arises when processing connected-components artifacts that possess invalid indices. Malicious actors can exploit this flaw by crafting malformed connected-components definitions using the command line interface (CLI), leading to access violations. This could result in a denial of service, and in some scenarios, it may allow an attacker to execute arbitrary code, compromising system integrity.

Affected Version(s)

ImageMagick 0 < 7.1.2-19

ImageMagick 0 < 6.9.13-44

ImageMagick 7.1.2-19

References

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ylwango613
.