CVE-2026-61857
Received Received - Intake

Heap Use-After-Free in ImageMagick Due to Missing XMP Null Check

Vulnerability report for CVE-2026-61857, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-11

Last updated on: 2026-07-11

Assigner: VulnCheck

Description

ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious image files with specially crafted XMP data to trigger the vulnerability and cause application crashes.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-11
Last Modified
2026-07-11
Generated
2026-07-11
AI Q&A
2026-07-11
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
imagemagick imagemagick to 7.1.2-26 (exc)
image_magick image_magick to 7.1.2-26 (exc)
image_magick image_magick to 6.9.13-51 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-252 The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a heap use-after-free issue in ImageMagick versions before 7.1.2-26. It happens because the software does not properly check for null values when parsing XMP profiles in image files. Attackers can create malicious images with specially crafted XMP data that trigger this flaw, causing the application to crash.

Impact Analysis

The main impact of this vulnerability is that it can cause the ImageMagick application to crash, affecting the availability of the service or system using it. Exploiting this flaw does not require any privileges or user interaction, but the attack complexity is high. The vulnerability primarily affects availability and could lead to denial of service.

Detection Guidance

This vulnerability is triggered by processing malicious image files containing specially crafted XMP data that cause a heap use-after-free and application crashes.

Detection can involve monitoring for crashes or abnormal behavior in ImageMagick when handling image files, especially those with XMP profiles.

There are no specific commands provided in the resources to detect this vulnerability directly.

Mitigation Strategies

The primary mitigation step is to upgrade ImageMagick to version 7.1.2-26 or later, where this heap use-after-free vulnerability has been fixed.

Until the upgrade can be applied, avoid processing untrusted or suspicious image files containing XMP profiles to reduce the risk of triggering the vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-61857. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart