
    1580 vulnerabilities found for ImageMagick by ImageMagick

    CVE-2026-55628 (GCVE-0-2026-55628)

    Vulnerability from nvd – Published: 2026-07-01 18:16 – Updated: 2026-07-01 18:34
    VLAI
    Title
    ImageMagick: Policy Bypass in concatenate operation due to missing checks
    Summary
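    In versions prior to 7.1.2-26, the `-concatenate` operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has been fixed in version 7.1.2-26.
    Note: the CVSS vector in the record below (C:N/I:N/A:H, base score 5.5) scores only availability impact and does not reflect the file read/write exposure described here, so deployments that rely on the security policy to restrict paths should not prioritize this upgrade by the base score alone.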
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    • CWE-862 - Missing Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: < 7.1.2-26

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55628",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T18:34:24.518609Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T18:34:34.320Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.1.2-26"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In versions prior to 7.1.2-26he, the `-concatenate` operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has been fixed in version 7.1.2-26."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T18:16:23.076Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-82mp-vp5c-9pf7",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-82mp-vp5c-9pf7"
            }
          ],
          "source": {
            "advisory": "GHSA-82mp-vp5c-9pf7",
            "discovery": "UNKNOWN"
          },
          "title": "ImageMagick: Policy Bypass in concatenate operation due to missing checks"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55628",
        "datePublished": "2026-07-01T18:16:23.076Z",
        "dateReserved": "2026-06-16T23:52:12.055Z",
        "dateUpdated": "2026-07-01T18:34:34.320Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55597 (GCVE-0-2026-55597)

    Vulnerability from nvd – Published: 2026-07-01 19:03 – Updated: 2026-07-01 19:21
    VLAI
    Title
    ImageMagick: Heap Buffer Over-Write in JP2 encoder due to incorrect handling of arguments
    Summary
    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-26, an incorrect handling of arguments can cause a heap buffer over-write in the JP2 encoder. This issue has been fixed in version 7.1.2-26.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: < 7.1.2-26

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55597",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T19:20:56.190744Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T19:21:38.493Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.1.2-26"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-26, an incorrect handling of arguments can cause a heap buffer over-write in the JP2 encoder. This issue has been fixed in version7.1.2-26."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-682",
                  "description": "CWE-682: Incorrect Calculation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T19:03:29.911Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-c4v7-w88g-m6c4",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-c4v7-w88g-m6c4"
            }
          ],
          "source": {
            "advisory": "GHSA-c4v7-w88g-m6c4",
            "discovery": "UNKNOWN"
          },
          "title": "ImageMagick: Heap Buffer Over-Write in JP2 encoder when due to incorrect handling of arguments"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55597",
        "datePublished": "2026-07-01T19:03:29.911Z",
        "dateReserved": "2026-06-16T23:18:03.170Z",
        "dateUpdated": "2026-07-01T19:21:38.493Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55595 (GCVE-0-2026-55595)

    Vulnerability from nvd – Published: 2026-07-01 19:00 – Updated: 2026-07-01 19:00
    VLAI
    Title
    ImageMagick: Infinite Loop in connected-components when providing invalid arguments
    Summary
    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when providing invalid arguments to the connected-components option an infinite loop will occur. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: >= 7.0.1-0, < 7.1.2-26
    Affected: < 6.9.13-51

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 7.0.1-0, \u003c 7.1.2-26"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.9.13-51"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when providing invalid arguments to the connected-components option an infinite loop will occur. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T19:00:31.074Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qhmf-7fc4-8q3h",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qhmf-7fc4-8q3h"
            }
          ],
          "source": {
            "advisory": "GHSA-qhmf-7fc4-8q3h",
            "discovery": "UNKNOWN"
          },
          "title": "ImageMagick: Infinite Loop in connected-components when providing invalid arguments"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55595",
        "datePublished": "2026-07-01T19:00:31.074Z",
        "dateReserved": "2026-06-16T23:18:03.170Z",
        "dateUpdated": "2026-07-01T19:00:31.074Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55594 (GCVE-0-2026-55594)

    Vulnerability from nvd – Published: 2026-07-01 18:58 – Updated: 2026-07-01 18:58
    VLAI
    Title
    ImageMagick: Stack Overflow in MVG decoder due to missing depth check.
    Summary
    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a missing depth check in the MVG decoder will result in a stack overflow when a crafted image is provided. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-674 - Uncontrolled Recursion
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: >= 7.0.1-0, < 7.1.2-26
    Affected: < 6.9.13-51

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 7.0.1-0, \u003c 7.1.2-26"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.9.13-51"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a missing depth check in the MVG decoder will result in a stack overflow when a crafted image is provided. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "CWE-674: Uncontrolled Recursion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T18:58:46.046Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mx48-2qq3-23hf",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mx48-2qq3-23hf"
            }
          ],
          "source": {
            "advisory": "GHSA-mx48-2qq3-23hf",
            "discovery": "UNKNOWN"
          },
          "title": "ImageMagick: Stack Overflow in MVG decoder due to missing depth check."
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55594",
        "datePublished": "2026-07-01T18:58:46.046Z",
        "dateReserved": "2026-06-16T23:18:03.170Z",
        "dateUpdated": "2026-07-01T18:58:46.046Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55577 (GCVE-0-2026-55577)

    Vulnerability from nvd – Published: 2026-07-01 18:56 – Updated: 2026-07-01 19:24
    VLAI
    Title
    ImageMagick: Heap Buffer Overflow in ImageMagick MVG decoder
    Summary
    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    • CWE-755 - Improper Handling of Exceptional Conditions
    • CWE-787 - Out-of-bounds Write
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: >= 7.0.1-0, < 7.1.2-26
    Affected: < 6.9.13-51

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55577",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T19:24:24.858753Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T19:24:45.452Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 7.0.1-0, \u003c 7.1.2-26"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.9.13-51"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-755",
                  "description": "CWE-755: Improper Handling of Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T18:56:28.768Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wx47-rm3x-jx6p",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wx47-rm3x-jx6p"
            }
          ],
          "source": {
            "advisory": "GHSA-wx47-rm3x-jx6p",
            "discovery": "UNKNOWN"
          },
          "title": "ImageMagick: Heap Buffer Overflow in ImageMagick MVG decoder"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55577",
        "datePublished": "2026-07-01T18:56:28.768Z",
        "dateReserved": "2026-06-16T23:11:20.215Z",
        "dateUpdated": "2026-07-01T19:24:45.452Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55510 (GCVE-0-2026-55510)

    Vulnerability from nvd – Published: 2026-07-01 18:53 – Updated: 2026-07-01 19:21
    VLAI
    Title
    ImageMagick: Use-After-Free in crafted 8BIM when identifying an image
    Summary
    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when identifying an image with a crafted 8BIM profile with a specific format string, a use-after-free will occur. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: >= 7.0.1-0, < 7.1.2-26
    Affected: < 6.9.13-51

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55510",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T19:21:31.578490Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T19:21:37.355Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 7.0.1-0, \u003c 7.1.2-26"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.9.13-51"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when identifying an image with a crafted 8BIM profile with a specific format string a use-after-free will occur. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416: Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T18:55:04.567Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-ff5c-8x9r-8qcw",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-ff5c-8x9r-8qcw"
            }
          ],
          "source": {
            "advisory": "GHSA-ff5c-8x9r-8qcw",
            "discovery": "UNKNOWN"
          },
          "title": "ImageMagick: Use-After-Free in crafted 8BIM when identifying an image"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55510",
        "datePublished": "2026-07-01T18:53:58.567Z",
        "dateReserved": "2026-06-16T22:44:22.283Z",
        "dateUpdated": "2026-07-01T19:21:37.355Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-53467 (GCVE-0-2026-53467)

    Vulnerability from nvd – Published: 2026-07-01 18:50 – Updated: 2026-07-01 19:27
    VLAI
    Title
    ImageMagick: Information Disclosure in MNG decoder because allocated memory is left unchanged
    Summary
    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, the MNG decoder contains a possible heap information disclosure vulnerability because part of the allocated pixel memory is left unchanged (that is, not initialized; see CWE-908 below). This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-908 - Use of Uninitialized Resource
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: < 6.9.13-51
    Affected: >= 7.0.1-0, < 7.1.2-26

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-53467",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T19:26:55.818775Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T19:27:13.148Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 6.9.13-51"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 7.0.1-0, \u003c 7.1.2-26"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, the MNG decoder contains a possible heap information disclosure vulnerability because part of the pixels are left unchanged. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-908",
                  "description": "CWE-908: Use of Uninitialized Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T18:50:56.821Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8g53-9m3c-69xg",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8g53-9m3c-69xg"
            }
          ],
          "source": {
            "advisory": "GHSA-8g53-9m3c-69xg",
            "discovery": "UNKNOWN"
          },
          "title": "ImageMagick: Information Disclosure in MNG decoder because allocated memory is left unchanged"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-53467",
        "datePublished": "2026-07-01T18:50:56.821Z",
        "dateReserved": "2026-06-09T16:31:21.495Z",
        "dateUpdated": "2026-07-01T19:27:13.148Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-53466 (GCVE-0-2026-53466)

    Vulnerability from nvd – Published: 2026-07-01 18:20 – Updated: 2026-07-01 18:52
    VLAI
    Title
    ImageMagick: Heap Buffer Over-Read in XCF decoder due to integer conversion overflow
    Summary
    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, an integer overflow in the XCF decoder can result in an out of bounds read when a crafted image is read, potentially resulting in a crash. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    • CWE-681 - Incorrect Conversion between Numeric Types
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: < 6.9.13-51
    Affected: >= 7.0.1-0, < 7.1.2-26

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-53466",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T18:50:58.614982Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T18:52:17.717Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 6.9.13-51"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 7.0.1-0, \u003c 7.1.2-26"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, an integer overflow in the XCF decoder can result in an out of bounds read when a crafted image is read, potentially resulting in a crash. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190: Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-681",
                  "description": "CWE-681: Incorrect Conversion between Numeric Types",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T18:20:44.416Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pjxj-pchx-4c3m",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pjxj-pchx-4c3m"
            }
          ],
          "source": {
            "advisory": "GHSA-pjxj-pchx-4c3m",
            "discovery": "UNKNOWN"
          },
          "title": "ImageMagick: Heap Buffer Over-Read in XCF decoder due to integer conversion overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-53466",
        "datePublished": "2026-07-01T18:20:44.416Z",
        "dateReserved": "2026-06-09T16:31:21.495Z",
        "dateUpdated": "2026-07-01T18:52:17.717Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56377 (GCVE-0-2026-56377)

    Vulnerability from nvd – Published: 2026-06-30 22:08 – Updated: 2026-07-01 14:55
    VLAI
    Title
    ImageMagick - Policy Bypass via Incorrect Path Validation
    Summary
    ImageMagick before 7.1.2-24 (6.x branch: before 6.9.13-48) contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path policy restrictions in sandboxed conversion services to write arbitrary files outside intended boundaries.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-24 (semver)
    Unaffected: 7.1.2-24 (semver)
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-48 (semver)
    Unaffected: 6.9.13-48 (semver)
    Date Public
    2026-05-30 00:00
    Credits
    sondt99

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56377",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T14:55:12.976900Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:55:29.511Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-24",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-24",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-48",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-48",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-24",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-48",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "sondt99"
            }
          ],
          "datePublic": "2026-05-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path policy restrictions in sandboxed conversion services to write arbitrary files outside intended boundaries."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T22:08:39.614Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-gm48-c7f2-v67p)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gm48-c7f2-v67p"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick - Policy Bypass via Incorrect Path Validation",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-policy-bypass-via-incorrect-path-validation"
            }
          ],
          "title": "ImageMagick - Policy Bypass via Incorrect Path Validation",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-56377",
        "datePublished": "2026-06-30T22:08:39.614Z",
        "dateReserved": "2026-06-21T02:05:47.495Z",
        "dateUpdated": "2026-07-01T14:55:29.511Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56369 (GCVE-0-2026-56369)

    Vulnerability from nvd – Published: 2026-06-30 22:08 – Updated: 2026-07-01 15:07
    VLAI
    Title
    ImageMagick - Information Disclosure via AES-CTR Nonce Reuse in PasskeyEncipherImage
    Summary
    ImageMagick before 7.1.2-22 (6.x branch: before 6.9.13-47) contains an information disclosure vulnerability in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attackers can exploit nonce reuse in the cipher implementation to recover plaintext information from encrypted images.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-323 - Reusing a Nonce, Key Pair in Encryption
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-22 (semver)
    Unaffected: 7.1.2-22 (semver)
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-47 (semver)
    Unaffected: 6.9.13-47 (semver)
    Date Public
    2026-05-16 00:00
    Credits
    007bsd LuiginoC

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56369",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:06:08.535426Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:07:57.635Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-22",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-22",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-47",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-47",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-22",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-47",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "007bsd"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "LuiginoC"
            }
          ],
          "datePublic": "2026-05-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attackers can exploit nonce reuse in the cipher implementation to recover plaintext information from encrypted images."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-323",
                  "description": "Reusing a Nonce, Key Pair in Encryption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T22:08:38.920Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-qv2q-c278-pch5)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qv2q-c278-pch5"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick - Information Disclosure via AES-CTR Nonce Reuse in PasskeyEncipherImage",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-information-disclosure-via-aes-ctr-nonce-reuse-in-passkeyencipherimage"
            }
          ],
          "title": "ImageMagick - Information Disclosure via AES-CTR Nonce Reuse in PasskeyEncipherImage",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-56369",
        "datePublished": "2026-06-30T22:08:38.920Z",
        "dateReserved": "2026-06-21T02:05:21.920Z",
        "dateUpdated": "2026-07-01T15:07:57.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56365 (GCVE-0-2026-56365)

    Vulnerability from nvd – Published: 2026-06-30 22:08 – Updated: 2026-07-01 13:16
    VLAI
    Title
    ImageMagick - Memory Leak in PNG Encoder via MNG Image Writing
    Summary
    ImageMagick before 7.1.2-19 (6.x branch: before 6.9.13-44) contains a memory leak vulnerability in the PNG encoder when writing MNG images. Attackers can trigger the encoder failure condition to exhaust memory resources and cause denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-19 (semver)
    Unaffected: 7.1.2-19 (semver)
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-44 (semver)
    Unaffected: 6.9.13-44 (semver)
    Date Public
    2026-04-13 00:00
    Credits
    ylwango613

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56365",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T13:16:02.735899Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T13:16:12.822Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-19",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-44",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-44",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-19",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-44",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "ylwango613"
            }
          ],
          "datePublic": "2026-04-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-19 contains a memory leak vulnerability in the PNG encoder when writing MNG images. Attackers can trigger the encoder failure condition to exhaust memory resources and cause denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T22:08:38.238Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-x928-4434-crqj)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-x928-4434-crqj"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick - Memory Leak in PNG Encoder via MNG Image Writing",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-memory-leak-in-png-encoder-via-mng-image-writing"
            }
          ],
          "title": "ImageMagick - Memory Leak in PNG Encoder via MNG Image Writing",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-56365",
        "datePublished": "2026-06-30T22:08:38.238Z",
        "dateReserved": "2026-06-20T21:16:53.711Z",
        "dateUpdated": "2026-07-01T13:16:12.822Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56364 (GCVE-0-2026-56364)

    Vulnerability from nvd – Published: 2026-06-30 22:08 – Updated: 2026-07-01 13:50
    VLAI
    Title
    ImageMagick - Memory Leak in LoadOpenCLDeviceBenchmark() via Malformed XML
    Summary
    ImageMagick before 7.1.2-13 contains a memory leak vulnerability in the LoadOpenCLDeviceBenchmark() function when parsing malformed OpenCL device profile XML files with unclosed device elements. Attackers with write access to the OpenCL cache directory can place malicious XML files there to exhaust memory and cause denial of service.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-13 (semver)
    Unaffected: 7.1.2-13 (semver)
    Date Public
    2026-01-19 00:00
    Credits
    Keryer

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56364",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T13:50:11.200657Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T13:50:14.626Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp59-x883-77qv"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-13",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-13",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Keryer"
            }
          ],
          "datePublic": "2026-01-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-13 contains a memory leak vulnerability in LoadOpenCLDeviceBenchmark() function when parsing malformed OpenCL device profile XML files with unclosed device elements. Attackers with write access to the OpenCL cache directory can place malicious XML files to exhaust memory and cause denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 1.8,
                "baseSeverity": "LOW",
                "privilegesRequired": "HIGH",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 1.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T22:08:37.521Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-qp59-x883-77qv)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp59-x883-77qv"
            },
            {
              "name": "https://github.com/ImageMagick/ImageMagick/commit/a52c1b402be08ef8ae193f28ac5b2e120f2fa26f",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/commit/a52c1b402be08ef8ae193f28ac5b2e120f2fa26f"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick - Memory Leak in LoadOpenCLDeviceBenchmark() via Malformed XML",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-memory-leak-in-loadopencldevicebenchmark-via-malformed-xml"
            }
          ],
          "title": "ImageMagick - Memory Leak in LoadOpenCLDeviceBenchmark() via Malformed XML",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-56364",
        "datePublished": "2026-06-30T22:08:37.521Z",
        "dateReserved": "2026-06-20T21:16:53.711Z",
        "dateUpdated": "2026-07-01T13:50:14.626Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56363 (GCVE-0-2026-56363)

    Vulnerability from nvd – Published: 2026-06-30 22:08 – Updated: 2026-07-01 14:46
    VLAI
    Title
    ImageMagick - Division by Zero in Binomial Kernel Processing
    Summary
    ImageMagick before 7.1.2-22 contains a division by zero vulnerability in binomial kernel processing that allows attackers to cause denial of service. An attacker can supply a large binomial kernel value causing integer overflow, resulting in division by zero and application crash.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-22 (semver)
    Unaffected: 7.1.2-22 (semver)
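    ImageMagick ImageMagick Affected: 0 , < 6.9.13-47 (semver)
    Unaffected: 6.9.13-47 (semver)
    Note: both ranges start at 0, so the first one (< 7.1.2-22) also contains the fixed 6.9.13-47 release, and both CPE match entries in the record below use the same wildcard criteria. Range-based matching can therefore report patched 6.9.13 builds as affected; compare the installed version against the fixed release of its own release line (7.1.2-22 for 7.x, 6.9.13-47 for 6.9). The entries for CVE-2026-56361 and CVE-2026-56370 on this page have the same shape.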
    Date Public
    2026-05-16 00:00
    Credits
    007bsd

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56363",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T14:46:29.446673Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:46:38.751Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-22",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-22",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-47",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-47",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-22",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-47",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "007bsd"
            }
          ],
          "datePublic": "2026-05-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-22 contains a division by zero vulnerability in binomial kernel processing that allows attackers to cause denial of service. An attacker can supply a large binomial kernel value causing integer overflow, resulting in division by zero and application crash."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T22:08:36.839Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-vf33-6r7x-66xx)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vf33-6r7x-66xx"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick - Division by Zero in Binomial Kernel Processing",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-division-by-zero-in-binomial-kernel-processing"
            }
          ],
          "title": "ImageMagick - Division by Zero in Binomial Kernel Processing",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-56363",
        "datePublished": "2026-06-30T22:08:36.839Z",
        "dateReserved": "2026-06-20T21:16:53.711Z",
        "dateUpdated": "2026-07-01T14:46:38.751Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56361 (GCVE-0-2026-56361)

    Vulnerability from nvd – Published: 2026-06-30 22:08 – Updated: 2026-07-01 14:28
    VLAI
    Title
    ImageMagick - Heap Buffer Overflow via Off-by-One in Morphology Processing
    Summary
    ImageMagick before 7.1.2-19 contains an off-by-one error in morphology validation allowing out-of-bounds heap buffer reads. Attackers can trigger a heap buffer over-read by providing incorrect morphology parameters, causing single-pixel memory access violations.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-125 - Out-of-bounds Read
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-19 (semver)
    Unaffected: 7.1.2-19 (semver)
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-44 (semver)
    Unaffected: 6.9.13-44 (semver)
    Date Public
    2026-04-13 00:00
    Credits
    shitianyu-2004

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56361",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T13:43:38.671271Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:28:19.148Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-19",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-44",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-44",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-19",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-44",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "shitianyu-2004"
            }
          ],
          "datePublic": "2026-04-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-19 contains an off-by-one error in morphology validation allowing out-of-bounds heap buffer reads. Attackers can trigger heap buffer overflow by providing incorrect morphology parameters causing single pixel memory access violations."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T22:08:36.159Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-q8h3-jv9v-57qx)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q8h3-jv9v-57qx"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick - Heap Buffer Overflow via Off-by-One in Morphology Processing",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-heap-buffer-overflow-via-off-by-one-in-morphology-processing"
            }
          ],
          "title": "ImageMagick - Heap Buffer Overflow via Off-by-One in Morphology Processing",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-56361",
        "datePublished": "2026-06-30T22:08:36.159Z",
        "dateReserved": "2026-06-20T21:16:53.711Z",
        "dateUpdated": "2026-07-01T14:28:19.148Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56370 (GCVE-0-2026-56370)

    Vulnerability from nvd – Published: 2026-06-24 11:53 – Updated: 2026-06-25 13:20
    VLAI
    Title
    ImageMagick - Out-of-bounds Access in ConnectedComponentsImage via connected-components Artifact
    Summary
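    ImageMagick before 7.1.2-19 contains an out-of-bounds access vulnerability in ConnectedComponentsImage() when processing connected-components artifacts with invalid indices. Attackers can trigger access violations by specifying malformed connected-components definitions via CLI, causing denial of service or potential code execution. Note that the record's CWE (CWE-125, Out-of-bounds Read) and both CVSS vectors (no confidentiality or integrity impact, low availability impact) reflect only the denial-of-service outcome, not code execution.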
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-125 - Out-of-bounds Read
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-19 (semver)
    Unaffected: 7.1.2-19 (semver)
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-44 (semver)
    Unaffected: 6.9.13-44 (semver)
    Date Public
    2026-04-13 00:00
    Credits
    ylwango613

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56370",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-25T13:20:24.893673Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-25T13:20:32.154Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-19",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-44",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-44",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-19",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-44",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "ylwango613"
            }
          ],
          "datePublic": "2026-04-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-19 contains an out-of-bounds access vulnerability in ConnectedComponentsImage() when processing connected-components artifacts with invalid indices. Attackers can trigger access violations by specifying malformed connected-components definitions via CLI, causing denial of service or potential code execution."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-24T11:53:21.113Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-pmpg-6pww-fg6q)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pmpg-6pww-fg6q"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick - Out-of-bounds Access in ConnectedComponentsImage via connected-components Artifact",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-out-of-bounds-access-in-connectedcomponentsimage-via-connected-components-artifact"
            }
          ],
          "title": "ImageMagick - Out-of-bounds Access in ConnectedComponentsImage via connected-components Artifact",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-56370",
        "datePublished": "2026-06-24T11:53:21.113Z",
        "dateReserved": "2026-06-21T02:05:21.920Z",
        "dateUpdated": "2026-06-25T13:20:32.154Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56368 (GCVE-0-2026-56368)

    Vulnerability from nvd – Published: 2026-06-24 11:53 – Updated: 2026-06-24 13:40
    VLAI
    Title
    ImageMagick - Memory Leak in Raw Pixel Data Coders
    Summary
    ImageMagick before 7.1.2-15 contains a memory leak vulnerability in multiple coders that write raw pixel data where allocated objects are not properly freed. Attackers can trigger this leak by processing specially crafted images, causing memory exhaustion and denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-15 (semver)
    Unaffected: 7.1.2-15 (semver)
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-40 (semver)
    Unaffected: 6.9.13-40 (semver)
    Date Public
    2026-02-23 00:00
    Credits
    ylwango613

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56368",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-24T13:37:57.353115Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T13:40:10.781Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-15",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-15",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-40",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-40",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-15",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-40",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "ylwango613"
            }
          ],
          "datePublic": "2026-02-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-15 contains a memory leak vulnerability in multiple coders that write raw pixel data where allocated objects are not properly freed. Attackers can trigger this leak by processing specially crafted images, causing memory exhaustion and denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-24T11:53:20.423Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-wfx3-6g53-9fgc)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wfx3-6g53-9fgc"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick - Memory Leak in Raw Pixel Data Coders",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-memory-leak-in-raw-pixel-data-coders"
            }
          ],
          "title": "ImageMagick - Memory Leak in Raw Pixel Data Coders",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-56368",
        "datePublished": "2026-06-24T11:53:20.423Z",
        "dateReserved": "2026-06-21T02:05:21.920Z",
        "dateUpdated": "2026-06-24T13:40:10.781Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55597 (GCVE-0-2026-55597)

    Vulnerability from cvelistv5 – Published: 2026-07-01 19:03 – Updated: 2026-07-01 19:21
    VLAI
    Title
    ImageMagick: Heap Buffer Over-Write in JP2 encoder when due to incorrect handling of arguments
    Summary
    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-26, an incorrect handling of arguments can cause a heap buffer over-write in the JP2 encoder. This issue has been fixed in version 7.1.2-26.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-682 - Incorrect Calculation
    • CWE-787 - Out-of-bounds Write
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: < 7.1.2-26

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55597",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T19:20:56.190744Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T19:21:38.493Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.1.2-26"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-26, an incorrect handling of arguments can cause a heap buffer over-write in the JP2 encoder. This issue has been fixed in version 7.1.2-26."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-682",
                  "description": "CWE-682: Incorrect Calculation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T19:03:29.911Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-c4v7-w88g-m6c4",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-c4v7-w88g-m6c4"
            }
          ],
          "source": {
            "advisory": "GHSA-c4v7-w88g-m6c4",
            "discovery": "UNKNOWN"
          },
          "title": "ImageMagick: Heap Buffer Over-Write in JP2 encoder when due to incorrect handling of arguments"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55597",
        "datePublished": "2026-07-01T19:03:29.911Z",
        "dateReserved": "2026-06-16T23:18:03.170Z",
        "dateUpdated": "2026-07-01T19:21:38.493Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55595 (GCVE-0-2026-55595)

    Vulnerability from cvelistv5 – Published: 2026-07-01 19:00 – Updated: 2026-07-01 19:00
    VLAI
    Title
    ImageMagick: Infinite Loop in connected-components when providing invalid arguments
    Summary
    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when providing invalid arguments to the connected-components option an infinite loop will occur. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: >= 7.0.1-0, < 7.1.2-26
    Affected: < 6.9.13-51

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 7.0.1-0, \u003c 7.1.2-26"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.9.13-51"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when providing invalid arguments to the connected-components option an infinite loop will occur. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T19:00:31.074Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qhmf-7fc4-8q3h",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qhmf-7fc4-8q3h"
            }
          ],
          "source": {
            "advisory": "GHSA-qhmf-7fc4-8q3h",
            "discovery": "UNKNOWN"
          },
          "title": "ImageMagick: Infinite Loop in connected-components when providing invalid arguments"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55595",
        "datePublished": "2026-07-01T19:00:31.074Z",
        "dateReserved": "2026-06-16T23:18:03.170Z",
        "dateUpdated": "2026-07-01T19:00:31.074Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55594 (GCVE-0-2026-55594)

    Vulnerability from cvelistv5 – Published: 2026-07-01 18:58 – Updated: 2026-07-01 18:58
    VLAI
    Title
    ImageMagick: Stack Overflow in MVG decoder due to missing depth check.
    Summary
    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a missing depth check in the MVG decoder will result in a stack overflow when a crafted image is provided. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-674 - Uncontrolled Recursion
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: >= 7.0.1-0, < 7.1.2-26
    Affected: < 6.9.13-51

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 7.0.1-0, \u003c 7.1.2-26"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.9.13-51"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a missing depth check in the MVG decoder will result in a stack overflow when a crafted image is provided. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "CWE-674: Uncontrolled Recursion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T18:58:46.046Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mx48-2qq3-23hf",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mx48-2qq3-23hf"
            }
          ],
          "source": {
            "advisory": "GHSA-mx48-2qq3-23hf",
            "discovery": "UNKNOWN"
          },
          "title": "ImageMagick: Stack Overflow in MVG decoder due to missing depth check."
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55594",
        "datePublished": "2026-07-01T18:58:46.046Z",
        "dateReserved": "2026-06-16T23:18:03.170Z",
        "dateUpdated": "2026-07-01T18:58:46.046Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55577 (GCVE-0-2026-55577)

    Vulnerability from cvelistv5 – Published: 2026-07-01 18:56 – Updated: 2026-07-01 19:24
    VLAI
    Title
    ImageMagick: Heap Buffer Overflow in ImageMagick MVG decoder
    Summary
    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    • CWE-755 - Improper Handling of Exceptional Conditions
    • CWE-787 - Out-of-bounds Write
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: >= 7.0.1-0, < 7.1.2-26
    Affected: < 6.9.13-51

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55577",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T19:24:24.858753Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T19:24:45.452Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 7.0.1-0, \u003c 7.1.2-26"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.9.13-51"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-755",
                  "description": "CWE-755: Improper Handling of Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T18:56:28.768Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wx47-rm3x-jx6p",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wx47-rm3x-jx6p"
            }
          ],
          "source": {
            "advisory": "GHSA-wx47-rm3x-jx6p",
            "discovery": "UNKNOWN"
          },
          "title": "ImageMagick: Heap Buffer Overflow in ImageMagick MVG decoder"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55577",
        "datePublished": "2026-07-01T18:56:28.768Z",
        "dateReserved": "2026-06-16T23:11:20.215Z",
        "dateUpdated": "2026-07-01T19:24:45.452Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55510 (GCVE-0-2026-55510)

    Vulnerability from cvelistv5 – Published: 2026-07-01 18:53 – Updated: 2026-07-01 19:21
    VLAI
    Title
    ImageMagick: Use-After-Free in crafted 8BIM when identifying an image
    Summary
    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when identifying an image with a crafted 8BIM profile with a specific format string a use-after-free will occur. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-416 - Use After Free
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: >= 7.0.1-0, < 7.1.2-26
    Affected: < 6.9.13-51

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55510",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T19:21:31.578490Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T19:21:37.355Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 7.0.1-0, \u003c 7.1.2-26"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.9.13-51"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when identifying an image with a crafted 8BIM profile with a specific format string a use-after-free will occur. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416: Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T18:55:04.567Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-ff5c-8x9r-8qcw",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-ff5c-8x9r-8qcw"
            }
          ],
          "source": {
            "advisory": "GHSA-ff5c-8x9r-8qcw",
            "discovery": "UNKNOWN"
          },
          "title": "ImageMagick: Use-After-Free in crafted 8BIM when identifying an image"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55510",
        "datePublished": "2026-07-01T18:53:58.567Z",
        "dateReserved": "2026-06-16T22:44:22.283Z",
        "dateUpdated": "2026-07-01T19:21:37.355Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-53467 (GCVE-0-2026-53467)

    Vulnerability from cvelistv5 – Published: 2026-07-01 18:50 – Updated: 2026-07-01 19:27
    VLAI
    Title
    ImageMagick: Information Disclosure in MNG decoder because allocated memory is left unchanged
    Summary
    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, the MNG decoder contains a possible heap information disclosure vulnerability because part of the pixels are left unchanged. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-908 - Use of Uninitialized Resource
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: < 6.9.13-51
    Affected: >= 7.0.1-0, < 7.1.2-26

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-53467",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T19:26:55.818775Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T19:27:13.148Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 6.9.13-51"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 7.0.1-0, \u003c 7.1.2-26"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, the MNG decoder contains a possible heap information disclosure vulnerability because part of the pixels are left unchanged. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-908",
                  "description": "CWE-908: Use of Uninitialized Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T18:50:56.821Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8g53-9m3c-69xg",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8g53-9m3c-69xg"
            }
          ],
          "source": {
            "advisory": "GHSA-8g53-9m3c-69xg",
            "discovery": "UNKNOWN"
          },
          "title": "ImageMagick: Information Disclosure in MNG decoder because allocated memory is left unchanged"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-53467",
        "datePublished": "2026-07-01T18:50:56.821Z",
        "dateReserved": "2026-06-09T16:31:21.495Z",
        "dateUpdated": "2026-07-01T19:27:13.148Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-53466 (GCVE-0-2026-53466)

    Vulnerability from cvelistv5 – Published: 2026-07-01 18:20 – Updated: 2026-07-01 18:52
    VLAI
    Title
    ImageMagick: Heap Buffer Over-Read in XCF decoder due to integer conversion overflow
    Summary
    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, an integer overflow in the XCF decoder can result in an out of bounds read when a crafted image is read, potentially resulting in a crash. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    • CWE-681 - Incorrect Conversion between Numeric Types
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: < 6.9.13-51
    Affected: >= 7.0.1-0, < 7.1.2-26

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-53466",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T18:50:58.614982Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T18:52:17.717Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 6.9.13-51"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 7.0.1-0, \u003c 7.1.2-26"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, an integer overflow in the XCF decoder can result in an out of bounds read when a crafted image is read, potentially resulting in a crash. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190: Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-681",
                  "description": "CWE-681: Incorrect Conversion between Numeric Types",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T18:20:44.416Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pjxj-pchx-4c3m",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pjxj-pchx-4c3m"
            }
          ],
          "source": {
            "advisory": "GHSA-pjxj-pchx-4c3m",
            "discovery": "UNKNOWN"
          },
          "title": "ImageMagick: Heap Buffer Over-Read in XCF decoder due to integer conversion overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-53466",
        "datePublished": "2026-07-01T18:20:44.416Z",
        "dateReserved": "2026-06-09T16:31:21.495Z",
        "dateUpdated": "2026-07-01T18:52:17.717Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55628 (GCVE-0-2026-55628)

    Vulnerability from cvelistv5 – Published: 2026-07-01 18:16 – Updated: 2026-07-01 18:34
    VLAI
    Title
    ImageMagick: Policy Bypass in concatenate operation due to missing checks
    Summary
    In versions prior to 7.1.2-26, the `-concatenate` operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has been fixed in version 7.1.2-26.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    • CWE-862 - Missing Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: < 7.1.2-26

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55628",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T18:34:24.518609Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T18:34:34.320Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.1.2-26"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In versions prior to 7.1.2-26, the `-concatenate` operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has been fixed in version 7.1.2-26."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T18:16:23.076Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-82mp-vp5c-9pf7",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-82mp-vp5c-9pf7"
            }
          ],
          "source": {
            "advisory": "GHSA-82mp-vp5c-9pf7",
            "discovery": "UNKNOWN"
          },
          "title": "ImageMagick: Policy Bypass in concatenate operation due to missing checks"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55628",
        "datePublished": "2026-07-01T18:16:23.076Z",
        "dateReserved": "2026-06-16T23:52:12.055Z",
        "dateUpdated": "2026-07-01T18:34:34.320Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56377 (GCVE-0-2026-56377)

    Vulnerability from cvelistv5 – Published: 2026-06-30 22:08 – Updated: 2026-07-01 14:55
    VLAI
    Title
    ImageMagick - Policy Bypass via Incorrect Path Validation
    Summary
    ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path policy restrictions in sandboxed conversion services to write arbitrary files outside intended boundaries.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-24 (semver)
    Unaffected: 7.1.2-24 (semver)
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-48 (semver)
    Unaffected: 6.9.13-48 (semver)
    Date Public
    2026-05-30 00:00
    Credits
    sondt99

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56377",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T14:55:12.976900Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:55:29.511Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-24",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-24",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-48",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-48",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-24",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-48",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "sondt99"
            }
          ],
          "datePublic": "2026-05-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path policy restrictions in sandboxed conversion services to write arbitrary files outside intended boundaries."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T22:08:39.614Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-gm48-c7f2-v67p)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gm48-c7f2-v67p"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick - Policy Bypass via Incorrect Path Validation",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-policy-bypass-via-incorrect-path-validation"
            }
          ],
          "title": "ImageMagick - Policy Bypass via Incorrect Path Validation",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-56377",
        "datePublished": "2026-06-30T22:08:39.614Z",
        "dateReserved": "2026-06-21T02:05:47.495Z",
        "dateUpdated": "2026-07-01T14:55:29.511Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56369 (GCVE-0-2026-56369)

    Vulnerability from cvelistv5 – Published: 2026-06-30 22:08 – Updated: 2026-07-01 15:07
    VLAI
    Title
    ImageMagick - Information Disclosure via AES-CTR Nonce Reuse in PasskeyEncipherImage
    Summary
    ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attackers can exploit nonce reuse in the cipher implementation to recover plaintext information from encrypted images.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-323 - Reusing a Nonce, Key Pair in Encryption
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-22 (semver)
    Unaffected: 7.1.2-22 (semver)
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-47 (semver)
    Unaffected: 6.9.13-47 (semver)
    Date Public
    2026-05-16 00:00
    Credits
    007bsd LuiginoC

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56369",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:06:08.535426Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:07:57.635Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-22",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-22",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-47",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-47",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-22",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-47",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "007bsd"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "LuiginoC"
            }
          ],
          "datePublic": "2026-05-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attackers can exploit nonce reuse in the cipher implementation to recover plaintext information from encrypted images."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-323",
                  "description": "Reusing a Nonce, Key Pair in Encryption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T22:08:38.920Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-qv2q-c278-pch5)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qv2q-c278-pch5"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick - Information Disclosure via AES-CTR Nonce Reuse in PasskeyEncipherImage",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-information-disclosure-via-aes-ctr-nonce-reuse-in-passkeyencipherimage"
            }
          ],
          "title": "ImageMagick - Information Disclosure via AES-CTR Nonce Reuse in PasskeyEncipherImage",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-56369",
        "datePublished": "2026-06-30T22:08:38.920Z",
        "dateReserved": "2026-06-21T02:05:21.920Z",
        "dateUpdated": "2026-07-01T15:07:57.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56365 (GCVE-0-2026-56365)

    Vulnerability from cvelistv5 – Published: 2026-06-30 22:08 – Updated: 2026-07-01 13:16
    VLAI
    Title
    ImageMagick - Memory Leak in PNG Encoder via MNG Image Writing
    Summary
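    ImageMagick before 7.1.2-19 contains a memory leak vulnerability in the PNG encoder when writing MNG images. Attackers can trigger the encoder failure condition to exhaust memory resources and cause denial of service. The record lists a second affected range that is fixed in 6.9.13-44, so "before 7.1.2-19" does not by itself identify every patched build.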
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-19 (semver)
    Unaffected: 7.1.2-19 (semver)
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-44 (semver)
    Unaffected: 6.9.13-44 (semver)
    Date Public
    2026-04-13 00:00
    Credits
    ylwango613

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56365",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T13:16:02.735899Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T13:16:12.822Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-19",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-44",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-44",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-19",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-44",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "ylwango613"
            }
          ],
          "datePublic": "2026-04-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-19 contains a memory leak vulnerability in the PNG encoder when writing MNG images. Attackers can trigger the encoder failure condition to exhaust memory resources and cause denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T22:08:38.238Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-x928-4434-crqj)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-x928-4434-crqj"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick - Memory Leak in PNG Encoder via MNG Image Writing",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-memory-leak-in-png-encoder-via-mng-image-writing"
            }
          ],
          "title": "ImageMagick - Memory Leak in PNG Encoder via MNG Image Writing",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-56365",
        "datePublished": "2026-06-30T22:08:38.238Z",
        "dateReserved": "2026-06-20T21:16:53.711Z",
        "dateUpdated": "2026-07-01T13:16:12.822Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56364 (GCVE-0-2026-56364)

    Vulnerability from cvelistv5 – Published: 2026-06-30 22:08 – Updated: 2026-07-01 13:50
    VLAI
    Title
    ImageMagick - Memory Leak in LoadOpenCLDeviceBenchmark() via Malformed XML
    Summary
    ImageMagick before 7.1.2-13 contains a memory leak vulnerability in the LoadOpenCLDeviceBenchmark() function when it parses malformed OpenCL device profile XML files with unclosed device elements. Attackers with write access to the OpenCL cache directory can place malicious XML files to exhaust memory and cause denial of service.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-13 (semver)
    Unaffected: 7.1.2-13 (semver)
    Date Public
    2026-01-19 00:00
    Credits
    Keryer

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56364",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T13:50:11.200657Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T13:50:14.626Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp59-x883-77qv"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-13",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-13",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Keryer"
            }
          ],
          "datePublic": "2026-01-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-13 contains a memory leak vulnerability in LoadOpenCLDeviceBenchmark() function when parsing malformed OpenCL device profile XML files with unclosed device elements. Attackers with write access to the OpenCL cache directory can place malicious XML files to exhaust memory and cause denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 1.8,
                "baseSeverity": "LOW",
                "privilegesRequired": "HIGH",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 1.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T22:08:37.521Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-qp59-x883-77qv)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp59-x883-77qv"
            },
            {
              "name": "https://github.com/ImageMagick/ImageMagick/commit/a52c1b402be08ef8ae193f28ac5b2e120f2fa26f",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/commit/a52c1b402be08ef8ae193f28ac5b2e120f2fa26f"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick - Memory Leak in LoadOpenCLDeviceBenchmark() via Malformed XML",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-memory-leak-in-loadopencldevicebenchmark-via-malformed-xml"
            }
          ],
          "title": "ImageMagick - Memory Leak in LoadOpenCLDeviceBenchmark() via Malformed XML",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-56364",
        "datePublished": "2026-06-30T22:08:37.521Z",
        "dateReserved": "2026-06-20T21:16:53.711Z",
        "dateUpdated": "2026-07-01T13:50:14.626Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56363 (GCVE-0-2026-56363)

    Vulnerability from cvelistv5 – Published: 2026-06-30 22:08 – Updated: 2026-07-01 14:46
    VLAI
    Title
    ImageMagick - Division by Zero in Binomial Kernel Processing
    Summary
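    ImageMagick before 7.1.2-22 contains a division by zero vulnerability in binomial kernel processing that allows attackers to cause denial of service. An attacker can supply a large binomial kernel value that causes an integer overflow, resulting in division by zero and an application crash. The record lists a second affected range that is fixed in 6.9.13-47, so "before 7.1.2-22" does not by itself identify every patched build.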
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-22 (semver)
    Unaffected: 7.1.2-22 (semver)
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-47 (semver)
    Unaffected: 6.9.13-47 (semver)
    Date Public
    2026-05-16 00:00
    Credits
    007bsd

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56363",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T14:46:29.446673Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:46:38.751Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-22",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-22",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-47",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-47",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-22",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-47",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "007bsd"
            }
          ],
          "datePublic": "2026-05-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-22 contains a division by zero vulnerability in binomial kernel processing that allows attackers to cause denial of service. An attacker can supply a large binomial kernel value causing integer overflow, resulting in division by zero and application crash."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T22:08:36.839Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-vf33-6r7x-66xx)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vf33-6r7x-66xx"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick - Division by Zero in Binomial Kernel Processing",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-division-by-zero-in-binomial-kernel-processing"
            }
          ],
          "title": "ImageMagick - Division by Zero in Binomial Kernel Processing",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-56363",
        "datePublished": "2026-06-30T22:08:36.839Z",
        "dateReserved": "2026-06-20T21:16:53.711Z",
        "dateUpdated": "2026-07-01T14:46:38.751Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56361 (GCVE-0-2026-56361)

    Vulnerability from cvelistv5 – Published: 2026-06-30 22:08 – Updated: 2026-07-01 14:28
    VLAI
    Title
    ImageMagick - Heap Buffer Overflow via Off-by-One in Morphology Processing
    Summary
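    ImageMagick before 7.1.2-19 contains an off-by-one error in morphology validation that allows out-of-bounds heap buffer reads. Attackers can trigger the heap buffer overflow named in the title (an out-of-bounds read, per the record's CWE-125 classification) by providing incorrect morphology parameters, causing a single-pixel memory access violation. The record lists a second affected range that is fixed in 6.9.13-44, so "before 7.1.2-19" does not by itself identify every patched build.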
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-125 - Out-of-bounds Read
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-19 (semver)
    Unaffected: 7.1.2-19 (semver)
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-44 (semver)
    Unaffected: 6.9.13-44 (semver)
    Date Public
    2026-04-13 00:00
    Credits
    shitianyu-2004

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56361",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T13:43:38.671271Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T14:28:19.148Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-19",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-44",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-44",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-19",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-44",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "shitianyu-2004"
            }
          ],
          "datePublic": "2026-04-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-19 contains an off-by-one error in morphology validation allowing out-of-bounds heap buffer reads. Attackers can trigger heap buffer overflow by providing incorrect morphology parameters causing single pixel memory access violations."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T22:08:36.159Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-q8h3-jv9v-57qx)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q8h3-jv9v-57qx"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick - Heap Buffer Overflow via Off-by-One in Morphology Processing",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-heap-buffer-overflow-via-off-by-one-in-morphology-processing"
            }
          ],
          "title": "ImageMagick - Heap Buffer Overflow via Off-by-One in Morphology Processing",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-56361",
        "datePublished": "2026-06-30T22:08:36.159Z",
        "dateReserved": "2026-06-20T21:16:53.711Z",
        "dateUpdated": "2026-07-01T14:28:19.148Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }