CVE-2026-61867
Received Received - Intake

Memory Leak in ImageMagick TIFF Encoder

Vulnerability report for CVE-2026-61867, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-15

Last updated on: 2026-07-15

Assigner: VulnCheck

Description

ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the TIFF encoder when memory allocation fails. Attackers can trigger allocation failures during TIFF image processing to cause memory exhaustion and denial of service.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-15
Last Modified
2026-07-15
Generated
2026-07-15
AI Q&A
2026-07-15
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
imagemagick imagemagick to 7.1.2-26 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a memory leak in ImageMagick's TIFF encoder that occurs when memory allocation fails. It affects versions before 7.1.2-26 and is caused by not releasing memory after use, leading to exhaustion and denial of service.

Impact Analysis

The main impact is denial of service due to memory exhaustion. It requires local access and high complexity to exploit but does not affect confidentiality or integrity of data.

Compliance Impact

This vulnerability primarily impacts availability and does not directly affect confidentiality or integrity. Compliance impact would depend on system downtime causing violations of service level agreements or availability requirements.

Detection Guidance

To detect this vulnerability, check the installed version of ImageMagick using the command: convert --version or identify --version. If the version is below 7.1.2-26, the system is vulnerable.

Mitigation Strategies

Immediately update ImageMagick to version 7.1.2-26 or later. If updating is not possible, disable TIFF image processing in ImageMagick by modifying the policy.xml file to restrict TIFF operations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-61867. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart