CVE-2026-61870
Received Received - Intake

Memory Leak in ImageMagick VIFF Encoder

Vulnerability report for CVE-2026-61870, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-11

Last updated on: 2026-07-11

Assigner: VulnCheck

Description

ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory allocation fails. Attackers can trigger allocation failures by processing specially crafted VIFF images to exhaust available memory and cause denial of service.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-11
Last Modified
2026-07-11
Generated
2026-07-11
AI Q&A
2026-07-11
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
imagemagick imagemagick to 7.1.2-26 (exc)
image_magick image_magick to 7.1.2-26 (exc)
image_magick image_magick to 6.9.13-51 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-61870 is a memory leak vulnerability in the VIFF encoder of ImageMagick versions before 7.1.2-26 and 6.9.13-51. This vulnerability occurs when memory allocation fails during the processing of specially crafted VIFF images. The issue causes the program to leak memory, meaning it does not properly release allocated memory, which can eventually exhaust available memory.

Exploiting this vulnerability requires local access and has a high attack complexity. It does not require privileges or user interaction. The vulnerability primarily affects the availability of the system by potentially causing a denial of service.

Impact Analysis

This vulnerability can impact you by causing a denial of service condition. When an attacker processes specially crafted VIFF images, they can trigger memory allocation failures that lead to memory leaks. Over time, this exhausts the available memory, potentially causing the ImageMagick service or application to become unresponsive or crash.

The impact is limited to availability, with no effect on confidentiality or integrity of data.

Detection Guidance

This vulnerability involves a memory leak in the VIFF encoder of ImageMagick when processing specially crafted VIFF images. Detection would involve monitoring for unusual memory usage or crashes related to ImageMagick processes handling VIFF images.

Since the vulnerability requires local access and high attack complexity, direct network detection is unlikely. Instead, system administrators can check the version of ImageMagick installed to determine if it is vulnerable.

Suggested commands to detect the vulnerability include checking the ImageMagick version:

  • magick -version

If the version is prior to 7.1.2-26 or 6.9.13-51, the system is vulnerable.

Additionally, monitoring system logs and resource usage for memory exhaustion or crashes when processing VIFF images may help detect exploitation attempts.

Mitigation Strategies

The primary mitigation step is to upgrade ImageMagick to a patched version that resolves the vulnerability.

  • Upgrade ImageMagick to version 7.1.2-26 or later, or 6.9.13-51 or later.

Since the vulnerability requires local access and high attack complexity, restricting local access to trusted users and limiting the processing of untrusted VIFF images can reduce risk.

  • Restrict local access to systems running vulnerable ImageMagick versions.
  • Avoid processing untrusted or specially crafted VIFF images.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-61870. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart