Memory Leak Vulnerability in ImageMagick Affects Processing of VIFF Images
CVE-2026-61870
2.1LOW
What is CVE-2026-61870?
ImageMagick, prior to version 7.1.2-26, exhibits a memory leak issue within its VIFF encoder. This vulnerability arises when memory allocation fails due to specially crafted VIFF images that exploit this flaw, leading to potential exhaustion of available memory and subsequent denial of service. Attackers can leverage this vulnerability to disrupt service availability by continuously triggering allocation failures.
Affected Version(s)
ImageMagick 0 < 7.1.2-26
ImageMagick 0 < 6.9.13-51
ImageMagick 7.1.2-26