Memory Leak Vulnerability in ImageMagick Affects Processing of VIFF Images
CVE-2026-61870

2.1LOW

Key Information:

Vendor
CVE Published:
11 July 2026

What is CVE-2026-61870?

ImageMagick, prior to version 7.1.2-26, exhibits a memory leak issue within its VIFF encoder. This vulnerability arises when memory allocation fails due to specially crafted VIFF images that exploit this flaw, leading to potential exhaustion of available memory and subsequent denial of service. Attackers can leverage this vulnerability to disrupt service availability by continuously triggering allocation failures.

Affected Version(s)

ImageMagick 0 < 7.1.2-26

ImageMagick 0 < 6.9.13-51

ImageMagick 7.1.2-26

References

CVSS V4

Score:
2.1
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.