VDB

CVE-2026-56361

CVE-2026-56361 PUBLISHED CVSS 4.8 MEDIUM

Reported by VulnCheck · Published June 30, 2026

ImageMagick before 7.1.2-19 contains an off-by-one error in morphology validation allowing out-of-bounds heap buffer reads. Attackers can trigger heap buffer overflow by providing incorrect morphology parameters causing single pixel memory access violations.

Risk Scores

CVSS 4.0
4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products

VendorProductVersions
ImageMagickImageMagick0, 7.1.2-19
ImageMagickImageMagick0, 6.9.13-44
imagemagickimagemagick0, 0, 0
ImageMagickImageMagick0, 7.1.2-19, 0

Timeline

  • Jun 30, 2026 CVE Published
  • Jul 1, 2026 EPSS Score
  • Jul 1, 2026 Coalition ESS Score
  • Jul 1, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›