Memory Allocation Issue in ImageMagick by ImageMagick Studio LLC
CVE-2026-61465

4.8MEDIUM

Key Information:

Vendor
CVE Published:
11 July 2026

What is CVE-2026-61465?

The vulnerability in ImageMagick prior to version 7.1.2-26 and 6.9.13-51 reveals a flaw where the software fails to enforce memory allocation limits during matrix-backed operations. An attacker can exploit this by submitting a specially crafted image which bypasses the configured memory limits, leading to potential denial of service. This flaw demonstrates the importance of proper memory allocation checks to prevent resource exhaustion and maintain service availability.

Affected Version(s)

ImageMagick 0 < 7.1.2-26

ImageMagick 0 < 6.9.13-51

ImageMagick 7.1.2-26

References

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

rexpository
.