Information Disclosure in ImageMagick Affects Various Versions
CVE-2026-61862

2.1LOW

Key Information:

Vendor
CVE Published:
15 July 2026

What is CVE-2026-61862?

ImageMagick versions prior to 7.1.2-26 and 6.9.13-51 are susceptible to an information disclosure vulnerability. When executing the identify command with debug output enabled, a non-printable profile value can allow a single byte at the end of the profile to be printed, potentially leaking sensitive information beyond the intended data boundaries. This presents significant security risks for users relying on the integrity of their image processing tasks.

Affected Version(s)

ImageMagick 0 < 7.1.2-26

ImageMagick 0 < 6.9.13-51

ImageMagick 7.1.2-26

References

CVSS V4

Score:
2.1
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Bin-infinite
.