Heap Out-of-Bounds Read Vulnerability in ImageMagick Software
CVE-2026-56378

6.3MEDIUM

Key Information:

Vendor: Imagemagick
Status: Imagemagick
Vendor: CVE Published:; 21 June 2026

🔔 Create Imagemagick Vulnerability Alert

What is CVE-2026-56378?

ImageMagick versions prior to 7.1.2-15 and 6.x before 6.9.13-40 are susceptible to a heap out-of-bounds read vulnerability found in the PCD coder's DecodeImage loop. By using a specially crafted PCD file, an attacker could leverage this vulnerability to reveal adjacent heap data or potentially disrupt service during image decoding, posing a risk to applications relying on ImageMagick for image processing.

Affected Version(s)

ImageMagick 0 < 7.1.2-15

ImageMagick 0 < 6.9.13-40

ImageMagick 7.1.2-15

References

https://github.com/ImageMagick/ImageMagick/security/advis...

vendor-advisory

https://www.vulncheck.com/advisories/imagemagick-heap-out...

third-party-advisory

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 21, 2026
Vulnerability Reserved
Jun 21, 2026

Credit

ylwango613

CVE-2026-56378 Data

JSON