Out-of-bounds Access Vulnerability in ImageMagick Software
CVE-2026-56370
4.8MEDIUM
What is CVE-2026-56370?
ImageMagick prior to version 7.1.2-19 is vulnerable to an out-of-bounds access flaw in the ConnectedComponentsImage() function. This vulnerability arises when processing connected-components artifacts that possess invalid indices. Malicious actors can exploit this flaw by crafting malformed connected-components definitions using the command line interface (CLI), leading to access violations. This could result in a denial of service, and in some scenarios, it may allow an attacker to execute arbitrary code, compromising system integrity.
Affected Version(s)
ImageMagick 0 < 7.1.2-19
ImageMagick 0 < 6.9.13-44
ImageMagick 7.1.2-19