Heap Use-After-Free Vulnerability in ImageMagick by ImageMagick
CVE-2026-61857
6.3MEDIUM
What is CVE-2026-61857?
A heap use-after-free vulnerability exists in ImageMagick prior to version 7.1.2-26, resulting from a missing null check during the parsing of XMP profiles. This flaw allows attackers to create malicious image files embedded with harmful XMP data, leading to application crashes and potential exploitation. It's crucial for users of ImageMagick to apply the latest security updates to prevent any unauthorized access or disruption.
Affected Version(s)
ImageMagick 0 < 7.1.2-26
ImageMagick 0 < 6.9.13-51
ImageMagick 7.1.2-26