Information Disclosure in ImageMagick Affects Various Versions
CVE-2026-61862
2.1LOW
What is CVE-2026-61862?
ImageMagick versions prior to 7.1.2-26 and 6.9.13-51 are susceptible to an information disclosure vulnerability. When executing the identify command with debug output enabled, a non-printable profile value can allow a single byte at the end of the profile to be printed, potentially leaking sensitive information beyond the intended data boundaries. This presents significant security risks for users relying on the integrity of their image processing tasks.
Affected Version(s)
ImageMagick 0 < 7.1.2-26
ImageMagick 0 < 6.9.13-51
ImageMagick 7.1.2-26