Use-After-Free Vulnerability in ImageMagick Product by Vendor ImageMagick
CVE-2026-56373
6.3MEDIUM
What is CVE-2026-56373?
ImageMagick versions prior to 7.1.2-15 are susceptible to a use-after-free vulnerability located in the PDB decoder. This flaw arises from the mishandling of memory pointers, specifically when memory allocation fails, allowing attackers to exploit the situation by submitting crafted PDB files. The exploitation may result in application crashes or the ability to write a single zero byte to previously freed memory, posing a significant risk to application stability and security.
Affected Version(s)
ImageMagick 0 < 7.1.2-15
ImageMagick 0 < 6.9.13-40
ImageMagick 7.1.2-15