Heap Use-After-Free Vulnerability in ImageMagick by ImageMagick
CVE-2026-61857

6.3MEDIUM

Key Information:

Vendor
CVE Published:
11 July 2026

What is CVE-2026-61857?

A heap use-after-free vulnerability exists in ImageMagick prior to version 7.1.2-26, resulting from a missing null check during the parsing of XMP profiles. This flaw allows attackers to create malicious image files embedded with harmful XMP data, leading to application crashes and potential exploitation. It's crucial for users of ImageMagick to apply the latest security updates to prevent any unauthorized access or disruption.

Affected Version(s)

ImageMagick 0 < 7.1.2-26

ImageMagick 0 < 6.9.13-51

ImageMagick 7.1.2-26

References

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

rexpository
.