Heap Use-After-Free Vulnerability in ImageMagick by ImageMagick, Inc.
CVE-2026-56376

6.3MEDIUM

Key Information:

Vendor: Imagemagick
Status: Imagemagick
Vendor: CVE Published:; 23 June 2026

🔔 Create Imagemagick Vulnerability Alert

What is CVE-2026-56376?

ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 are susceptible to a heap use-after-free vulnerability within the meta coder component. This occurs when memory allocation fails and a byte is incorrectly written to a stale pointer. By submitting specially crafted image files, remote attackers can exploit this flaw, potentially leading to denial of service conditions.

Affected Version(s)

ImageMagick 0 < 7.1.2-15

ImageMagick 0 < 6.9.13-40

ImageMagick 7.1.2-15

References

https://github.com/ImageMagick/ImageMagick/security/advis...

vendor-advisory

https://www.vulncheck.com/advisories/imagemagick-heap-use...

third-party-advisory

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2026
Vulnerability Reserved
Jun 21, 2026

Credit

ylwango613

CVE-2026-56376 Data

JSON