Use-After-Free Vulnerability in ImageMagick by ImageMagick
CVE-2026-61860

6.3MEDIUM

Key Information:

Vendor
CVE Published:
15 July 2026

What is CVE-2026-61860?

An issue in ImageMagick prior to versions 7.1.2-26 and 6.9.13-51 allows for a use-after-free vulnerability. This flaw arises during the initialization failure of freetype, where the affected method fails to terminate and erroneously continues to reference memory that has been previously freed. This vulnerability can be exploited during image processing, potentially resulting in a denial of service, rendering the application unresponsive.

Affected Version(s)

ImageMagick 0 < 7.1.2-26

ImageMagick 0 < 6.9.13-51

ImageMagick 7.1.2-26

References

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

RigelYoung
.