Use-After-Free Vulnerability in ImageMagick Product by Vendor ImageMagick
CVE-2026-56373

6.3MEDIUM

Key Information:

Vendor
CVE Published:
10 July 2026

What is CVE-2026-56373?

ImageMagick versions prior to 7.1.2-15 are susceptible to a use-after-free vulnerability located in the PDB decoder. This flaw arises from the mishandling of memory pointers, specifically when memory allocation fails, allowing attackers to exploit the situation by submitting crafted PDB files. The exploitation may result in application crashes or the ability to write a single zero byte to previously freed memory, posing a significant risk to application stability and security.

Affected Version(s)

ImageMagick 0 < 7.1.2-15

ImageMagick 0 < 6.9.13-40

ImageMagick 7.1.2-15

References

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

zerojackyi
.