Memory Leak Vulnerability in ImageMagick's JNG Encoder
CVE-2026-61866

2.1LOW

Key Information:

Vendor
CVE Published:
15 July 2026

What is CVE-2026-61866?

A vulnerability exists in ImageMagick before version 7.1.2-26, where the JNG encoder is susceptible to a memory leak. This vulnerability arises when attackers deliver malformed JNG files that fail during blob operations, leading to resource exhaustion. By exploiting this issue, malicious actors can cause significant disruptions to system performance and resource availability.

Affected Version(s)

ImageMagick 0 < 7.1.2-26

ImageMagick 7.1.2-26

References

CVSS V4

Score:
2.1
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.