Use-After-Free Vulnerability in ImageMagick by ImageMagick Studio LLC
CVE-2026-61861
6.3MEDIUM
What is CVE-2026-61861?
A use-after-free vulnerability exists in ImageMagick prior to version 7.1.2-26, specifically within the FormatMagickCaption method. This vulnerability arises when memory allocation fails, leading to a dangling pointer that references previously freed memory. Attackers can exploit this flaw to potentially execute arbitrary code or trigger a denial of service, impacting system stability and security.
Affected Version(s)
ImageMagick 0 < 7.1.2-26
ImageMagick 0 < 6.9.13-51
ImageMagick 7.1.2-26