CVE-2026-61865
Received Received - Intake

Memory Leak in ImageMagick Image Processing

Vulnerability report for CVE-2026-61865, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-15

Last updated on: 2026-07-15

Assigner: VulnCheck

Description

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the hough lines operation: when a specific operation fails, a small memory leak occurs.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-15
Last Modified
2026-07-15
Generated
2026-07-15
AI Q&A
2026-07-15
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
imagemagick imagemagick to 7.1.2-26 (exc)
imagemagick imagemagick to 6.9.13-51 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Impact Analysis

This vulnerability has low severity and minimal impact. It may cause gradual memory exhaustion on the system running ImageMagick, potentially leading to degraded performance or crashes if the memory leak accumulates over time.

Executive Summary

ImageMagick before versions 7.1.2-26 and 6.9.13-51 has a memory leak in the hough lines operation. When a specific operation fails, a small amount of memory is not released properly, leading to gradual memory consumption over time.

Compliance Impact

This vulnerability is unlikely to significantly impact compliance with GDPR or HIPAA as it has low severity, requires local access, and does not directly lead to data breaches or unauthorized access.

Detection Guidance

This vulnerability is specific to ImageMagick versions before 7.1.2-26 and 6.9.13-51. To detect it, check the installed version of ImageMagick using the command: convert --version or magick --version. If the version is below the patched releases, the system is vulnerable.

Mitigation Strategies

Upgrade ImageMagick to version 7.1.2-26 or later for the 7.x branch, or 6.9.13-51 or later for the 6.x branch. This addresses the memory leak in the Hough lines operation. Monitor system memory usage for leaks after processing images with ImageMagick.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-61865. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart