Memory Leak Vulnerability in ImageMagick's YUV Decoder Affecting Multiple Versions
CVE-2026-61868
6.3MEDIUM
What is CVE-2026-61868?
The ImageMagick software contains a memory leak in its YUV decoder that can be triggered when attempting to open a blob fails. This vulnerability, present in versions prior to 7.1.2-26 and 6.9.x before 6.9.13-51, allows attackers to leverage repeated triggers to exhaust system resources, potentially resulting in a denial of service condition. Users are advised to upgrade to the latest versions to mitigate this issue.
Affected Version(s)
ImageMagick 0 < 7.1.2-26
ImageMagick 0 < 6.9.13-51
ImageMagick 7.1.2-26