CVE-2026-56366
Received Received - Intake

Memory Leak in ImageMagick via APP1JPEG Processing

Vulnerability report for CVE-2026-56366, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-10

Last updated on: 2026-07-10

Assigner: VulnCheck

Description

ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-10
Last Modified
2026-07-10
Generated
2026-07-10
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
imagemagick imagemagick to 7.1.2-18 (exc)
imagemagick imagemagick to 6.9.13-43 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-56366 is a memory leak vulnerability in ImageMagick versions before 7.1.2-18 and 6.9.13-43. It occurs in the META reader component when processing APP1JPEG input paths, specifically in an error handling scenario. Attackers can exploit this by providing specially crafted APP1JPEG image files, causing the program to improperly release memory after use.

This vulnerability is classified as CWE-401, which means it involves improper memory release, leading to a memory leak.

Impact Analysis

The primary impact of this vulnerability is a denial of service caused by resource exhaustion due to the memory leak. This means that the affected system's availability can be reduced as memory is consumed and not freed properly.

Confidentiality and integrity of data are not affected by this vulnerability.

Exploitation requires local access with low attack complexity and no privileges or user interaction.

Mitigation Strategies

To mitigate this vulnerability, you should update ImageMagick to version 7.1.2-18 or later (or 6.9.13-43 or later) where the memory leak in the META reader processing APP1JPEG input paths has been fixed.

Avoid processing untrusted or specially crafted APP1JPEG image files that could trigger the memory leak and cause denial of service through resource exhaustion.

Compliance Impact

This vulnerability causes a memory leak leading to denial of service through resource exhaustion, affecting availability but not confidentiality or integrity.

Since confidentiality and integrity are not impacted, the vulnerability has limited direct effect on compliance with standards like GDPR or HIPAA, which primarily focus on protecting personal data confidentiality and integrity.

However, the reduced availability caused by this issue could indirectly affect compliance if it disrupts systems critical for maintaining regulatory requirements or service availability.

Detection Guidance

This vulnerability is a memory leak in ImageMagick versions prior to 7.1.2-18 and 6.9.13-43 when processing specially crafted APP1JPEG image files. Detection typically involves identifying the presence of vulnerable ImageMagick versions on your system.

To detect if your system is vulnerable, you can check the installed ImageMagick version using the following command:

  • magick --version

If the version is earlier than 7.1.2-18 or 6.9.13-43, your system is potentially vulnerable.

Additionally, monitoring for abnormal memory usage or crashes when processing APP1JPEG images may indicate exploitation attempts.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-56366. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart