Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    1630 vulnerabilities by imagemagick

    CVE-2026-61872 (GCVE-0-2026-61872)

    Vulnerability from nvd – Published: 2026-07-15 11:25 – Updated: 2026-07-15 13:24
    VLAI
    Title
    ImageMagick before 7.1.2-26 Memory Leak via TIFF Encoder
    Summary
    ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the TIFF encoder when an invalid tiff:tile-geometry is specified. Supplying malformed tile geometry parameters causes allocated memory not to be released, which can lead to increased memory consumption.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Credits
    Bin-infinite
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61872",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T13:19:56.001975Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T13:24:51.572Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Bin-infinite"
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the TIFF encoder when an invalid tiff:tile-geometry is specified. Supplying malformed tile geometry parameters causes allocated memory not to be released, which can lead to increased memory consumption."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2,
                "baseSeverity": "LOW",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 2.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T11:25:55.435Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-h5r4-w88w-7ccr)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h5r4-w88w-7ccr"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Memory Leak via TIFF Encoder",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-memory-leak-via-tiff-encoder"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Memory Leak via TIFF Encoder",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61872",
        "datePublished": "2026-07-15T11:25:55.435Z",
        "dateReserved": "2026-07-10T21:54:26.760Z",
        "dateUpdated": "2026-07-15T13:24:51.572Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61871 (GCVE-0-2026-61871)

    Vulnerability from nvd – Published: 2026-07-15 11:25 – Updated: 2026-07-15 12:04
    VLAI
    Title
    ImageMagick before 7.1.2-26 Memory Leak in ICON decoder
    Summary
    ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the ICON decoder that occurs when a memory allocation fails. Processing a crafted ICON file that triggers an allocation failure leaks memory, which may lead to a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61871",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T12:04:43.342098Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T12:04:51.151Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the ICON decoder that occurs when a memory allocation fails. Processing a crafted ICON file that triggers an allocation failure leaks memory, which may lead to a denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T11:25:54.748Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-h58x-r7f7-rh84)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h58x-r7f7-rh84"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Memory Leak in ICON decoder",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-memory-leak-in-icon-decoder"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Memory Leak in ICON decoder",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61871",
        "datePublished": "2026-07-15T11:25:54.748Z",
        "dateReserved": "2026-07-10T21:54:26.760Z",
        "dateUpdated": "2026-07-15T12:04:51.151Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61869 (GCVE-0-2026-61869)

    Vulnerability from nvd – Published: 2026-07-15 11:25 – Updated: 2026-07-15 18:03
    VLAI
    Title
    ImageMagick before 7.1.2-26 Memory Leak in MIFF Encoder
    Summary
    ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the MIFF encoder that occurs when a memory allocation fails during MIFF image processing, which can lead to denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Credits
    Bin-infinite
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61869",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T17:59:48.208684Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T18:03:42.319Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Bin-infinite"
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the MIFF encoder that occurs when a memory allocation fails during MIFF image processing, which can lead to denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 2.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T11:25:54.057Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-r628-69v2-2f9c)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r628-69v2-2f9c"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Memory Leak in MIFF Encoder",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-memory-leak-in-miff-encoder"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Memory Leak in MIFF Encoder",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61869",
        "datePublished": "2026-07-15T11:25:54.057Z",
        "dateReserved": "2026-07-10T21:54:26.759Z",
        "dateUpdated": "2026-07-15T18:03:42.319Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61868 (GCVE-0-2026-61868)

    Vulnerability from nvd – Published: 2026-07-15 11:25 – Updated: 2026-07-15 13:51
    VLAI
    Title
    ImageMagick before 7.1.2-26 Memory Leak in YUV Decoder
    Summary
    ImageMagick before 7.1.2-26 and 6.9.x before 6.9.13-51 contains a memory leak in the YUV decoder that occurs when opening of the blob fails. Repeated triggering can lead to resource exhaustion (denial of service).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61868",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T13:50:59.884171Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T13:51:10.322Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 and 6.9.x before 6.9.13-51 contains a memory leak in the YUV decoder that occurs when opening of the blob fails. Repeated triggering can lead to resource exhaustion (denial of service)."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T11:25:53.358Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-h7f2-f9cc-h2gv)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h7f2-f9cc-h2gv"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Memory Leak in YUV Decoder",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-memory-leak-in-yuv-decoder"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Memory Leak in YUV Decoder",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61868",
        "datePublished": "2026-07-15T11:25:53.358Z",
        "dateReserved": "2026-07-10T21:54:26.759Z",
        "dateUpdated": "2026-07-15T13:51:10.322Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61867 (GCVE-0-2026-61867)

    Vulnerability from nvd – Published: 2026-07-15 11:25 – Updated: 2026-07-15 12:21
    VLAI
    Title
    ImageMagick before 7.1.2-26 Memory Leak in TIFF Encoder
    Summary
    ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the TIFF encoder when memory allocation fails. Attackers can trigger allocation failures during TIFF image processing to cause memory exhaustion and denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61867",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T12:21:34.843793Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T12:21:43.606Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the TIFF encoder when memory allocation fails. Attackers can trigger allocation failures during TIFF image processing to cause memory exhaustion and denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 2.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T11:25:52.678Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-jfq9-q63x-rc63)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jfq9-q63x-rc63"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Memory Leak in TIFF Encoder",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-memory-leak-in-tiff-encoder-2"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Memory Leak in TIFF Encoder",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61867",
        "datePublished": "2026-07-15T11:25:52.678Z",
        "dateReserved": "2026-07-10T21:54:26.759Z",
        "dateUpdated": "2026-07-15T12:21:43.606Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61866 (GCVE-0-2026-61866)

    Vulnerability from nvd – Published: 2026-07-15 11:25 – Updated: 2026-07-15 17:54
    VLAI
    Title
    ImageMagick before 7.1.2-26 Memory Leak in JNG encoder
    Summary
    ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the JNG encoder when a blob cannot be opened. Attackers can trigger the memory leak by providing malformed JNG files that fail blob operations, causing resource exhaustion.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61866",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T17:54:08.966518Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T17:54:18.204Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the JNG encoder when a blob cannot be opened. Attackers can trigger the memory leak by providing malformed JNG files that fail blob operations, causing resource exhaustion."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 2.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T11:25:51.999Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-99w9-hv66-rfv7)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-99w9-hv66-rfv7"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Memory Leak in JNG encoder",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-memory-leak-in-jng-encoder"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Memory Leak in JNG encoder",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61866",
        "datePublished": "2026-07-15T11:25:51.999Z",
        "dateReserved": "2026-07-10T21:53:55.769Z",
        "dateUpdated": "2026-07-15T17:54:18.204Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61865 (GCVE-0-2026-61865)

    Vulnerability from nvd – Published: 2026-07-15 11:25 – Updated: 2026-07-15 13:25
    VLAI
    Title
    ImageMagick before 7.1.2-26 Memory Leak in Hough Lines
    Summary
    ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the hough lines operation: when a specific operation fails, a small memory leak occurs.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61865",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T13:19:57.884399Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T13:25:02.727Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the hough lines operation: when a specific operation fails, a small memory leak occurs."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 2.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T11:25:51.311Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-j8rh-v2r8-v94x)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j8rh-v2r8-v94x"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Memory Leak in Hough Lines",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-memory-leak-in-hough-lines"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Memory Leak in Hough Lines",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61865",
        "datePublished": "2026-07-15T11:25:51.311Z",
        "dateReserved": "2026-07-10T21:53:55.769Z",
        "dateUpdated": "2026-07-15T13:25:02.727Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61864 (GCVE-0-2026-61864)

    Vulnerability from nvd – Published: 2026-07-15 11:25 – Updated: 2026-07-15 12:09
    VLAI
    Title
    ImageMagick before 7.1.2-26 Memory Leak in Log Colorspace
    Summary
    ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in color transformation to the log colorspace: when the operation fails, a small amount of memory is not released.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Credits
    Bin-infinite
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61864",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T12:07:45.568072Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T12:09:45.303Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Bin-infinite"
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in color transformation to the log colorspace: when the operation fails, a small amount of memory is not released."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 2.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T11:25:50.648Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-7c7m-fpjw-gwcq)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7c7m-fpjw-gwcq"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Memory Leak in Log Colorspace",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-memory-leak-in-log-colorspace"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Memory Leak in Log Colorspace",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61864",
        "datePublished": "2026-07-15T11:25:50.648Z",
        "dateReserved": "2026-07-10T21:53:55.769Z",
        "dateUpdated": "2026-07-15T12:09:45.303Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61863 (GCVE-0-2026-61863)

    Vulnerability from nvd – Published: 2026-07-15 11:25 – Updated: 2026-07-15 17:42
    VLAI
    Title
    ImageMagick before 7.1.2-26 Memory Leak in TIFF Encoder
    Summary
    ImageMagick before 7.1.2-26 (and 6.x before 6.9.13-51) contains a memory leak in the TIFF encoder that occurs when a temporary file cannot be created, resulting in a small memory leak.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61863",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T17:42:20.391150Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T17:42:28.945Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 (and 6.x before 6.9.13-51) contains a memory leak in the TIFF encoder that occurs when a temporary file cannot be created, resulting in a small memory leak."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 2.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T11:25:49.962Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-6vxp-gfwf-hcr9)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6vxp-gfwf-hcr9"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Memory Leak in TIFF Encoder",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-memory-leak-in-tiff-encoder"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Memory Leak in TIFF Encoder",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61863",
        "datePublished": "2026-07-15T11:25:49.962Z",
        "dateReserved": "2026-07-10T21:53:55.769Z",
        "dateUpdated": "2026-07-15T17:42:28.945Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61862 (GCVE-0-2026-61862)

    Vulnerability from nvd – Published: 2026-07-15 11:25 – Updated: 2026-07-15 13:51
    VLAI
    Title
    ImageMagick before 7.1.2-26 Information Disclosure via identify
    Summary
    ImageMagick before 7.1.2-26 and 6.9.13-51 contains an information disclosure vulnerability: when a profile is displayed with the identify command and the profile value is not printable, a single byte at the end of the profile can be printed (read past the profile boundary). This behavior occurs when debug output is enabled.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Credits
    Bin-infinite
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61862",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T13:51:29.324231Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T13:51:41.638Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Bin-infinite"
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 and 6.9.13-51 contains an information disclosure vulnerability: when a profile is displayed with the identify command and the profile value is not printable, a single byte at the end of the profile can be printed (read past the profile boundary). This behavior occurs when debug output is enabled."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 2.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T11:25:49.276Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-hwf3-r46v-5ggx)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hwf3-r46v-5ggx"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Information Disclosure via identify",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-information-disclosure-via-identify"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Information Disclosure via identify",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61862",
        "datePublished": "2026-07-15T11:25:49.276Z",
        "dateReserved": "2026-07-10T21:53:55.769Z",
        "dateUpdated": "2026-07-15T13:51:41.638Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61860 (GCVE-0-2026-61860)

    Vulnerability from nvd – Published: 2026-07-15 11:25 – Updated: 2026-07-15 12:22
    VLAI
    Title
    ImageMagick before 7.1.2-26 Use-After-Free via freetype
    Summary
    ImageMagick before 7.1.2-26 and 6.9.13-51 contains a use-after-free vulnerability that occurs when freetype initialization fails: the method does not exit and continues to use memory that was already freed. This can be triggered during image processing and may lead to a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Credits
    RigelYoung
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61860",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T12:22:09.832264Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T12:22:16.832Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "RigelYoung"
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 and 6.9.13-51 contains a use-after-free vulnerability that occurs when freetype initialization fails: the method does not exit and continues to use memory that was already freed. This can be triggered during image processing and may lead to a denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T11:25:48.586Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-6jwg-7q3p-5fqm)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6jwg-7q3p-5fqm"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Use-After-Free via freetype",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-use-after-free-via-freetype"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Use-After-Free via freetype",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61860",
        "datePublished": "2026-07-15T11:25:48.586Z",
        "dateReserved": "2026-07-10T21:53:55.769Z",
        "dateUpdated": "2026-07-15T12:22:16.832Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61859 (GCVE-0-2026-61859)

    Vulnerability from nvd – Published: 2026-07-15 11:25 – Updated: 2026-07-15 17:56
    VLAI
    Title
    ImageMagick before 7.1.2-26 Policy Bypass via script operation
    Summary
    ImageMagick before 7.1.2-26 and 6.9.13-x before 6.9.13-51 contains a policy bypass vulnerability in the -script operation due to missing security policy checks. This allows reading files from paths that are otherwise disallowed by the configured security policy.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Credits
    rexpository
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61859",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T17:55:59.238431Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T17:56:16.565Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "rexpository"
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 and 6.9.13-x before 6.9.13-51 contains a policy bypass vulnerability in the -script operation due to missing security policy checks. This allows reading files from paths that are otherwise disallowed by the configured security policy."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T11:47:04.341Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-vghg-5jrg-2398)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vghg-5jrg-2398"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Policy Bypass via script operation",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-policy-bypass-via-script-operation"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Policy Bypass via script operation",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61859",
        "datePublished": "2026-07-15T11:25:47.918Z",
        "dateReserved": "2026-07-10T21:53:55.769Z",
        "dateUpdated": "2026-07-15T17:56:16.565Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61464 (GCVE-0-2026-61464)

    Vulnerability from nvd – Published: 2026-07-15 11:25 – Updated: 2026-07-15 13:25
    VLAI
    Title
    ImageMagick before 7.1.2-26 Heap Buffer Over-Write via X11
    Summary
    ImageMagick before 7.1.2-26 and 6.9.13-51 contains a heap-based buffer over-write vulnerability that occurs when running an X11 import with a crafted window title, which can result in heap memory corruption and denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Credits
    Kwstubbs
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61464",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T13:19:59.960415Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T13:25:15.287Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Kwstubbs"
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 and 6.9.13-51 contains a heap-based buffer over-write vulnerability that occurs when running an X11 import with a crafted window title, which can result in heap memory corruption and denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 1,
                "baseSeverity": "LOW",
                "privilegesRequired": "HIGH",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 1.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T11:47:03.664Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-76q6-2p6h-xjqr)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-76q6-2p6h-xjqr"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Heap Buffer Over-Write via X11",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-heap-buffer-over-write-via-x11"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Heap Buffer Over-Write via X11",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61464",
        "datePublished": "2026-07-15T11:25:47.202Z",
        "dateReserved": "2026-07-09T14:07:55.625Z",
        "dateUpdated": "2026-07-15T13:25:15.287Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56375 (GCVE-0-2026-56375)

    Vulnerability from nvd – Published: 2026-07-15 11:25 – Updated: 2026-07-15 12:21
    VLAI
    Title
    ImageMagick - Memory Leak in ASHLAR Coder Action Failure
    Summary
    ImageMagick through 7.1.2-18 contains a memory leak vulnerability in the ASHLAR coder when an action fails. Attackers can trigger failed actions to exhaust memory resources and cause denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , ≤ 7.1.2-18 (semver)
    Create a notification for this product.
    Date Public
    2026-03-24 00:00
    Credits
    unbengable12
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56375",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T12:20:47.791156Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T12:21:07.011Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThanOrEqual": "7.1.2-18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "7.1.2-18",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "unbengable12"
            }
          ],
          "datePublic": "2026-03-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick through 7.1.2-18 contains a memory leak vulnerability in the ASHLAR coder when an action fails. Attackers can trigger failed actions to exhaust memory resources and cause denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T11:25:30.028Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-6p22-q7w5-33pg)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6p22-q7w5-33pg"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick - Memory Leak in ASHLAR Coder Action Failure",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-memory-leak-in-ashlar-coder-action-failure"
            }
          ],
          "title": "ImageMagick - Memory Leak in ASHLAR Coder Action Failure",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-56375",
        "datePublished": "2026-07-15T11:25:30.028Z",
        "dateReserved": "2026-06-21T02:05:21.920Z",
        "dateUpdated": "2026-07-15T12:21:07.011Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61870 (GCVE-0-2026-61870)

    Vulnerability from nvd – Published: 2026-07-11 13:01 – Updated: 2026-07-13 16:09
    VLAI
    Title
    ImageMagick before 7.1.2-26 Memory Leak via VIFF Encoder
    Summary
    ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory allocation fails. Attackers can trigger allocation failures by processing specially crafted VIFF images to exhaust available memory and cause denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61870",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T16:09:14.622804Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T16:09:19.684Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory allocation fails. Attackers can trigger allocation failures by processing specially crafted VIFF images to exhaust available memory and cause denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 2.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-11T13:01:09.995Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-m596-67p7-69wh)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-m596-67p7-69wh"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Memory Leak via VIFF Encoder",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-memory-leak-via-viff-encoder"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Memory Leak via VIFF Encoder",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61870",
        "datePublished": "2026-07-11T13:01:09.995Z",
        "dateReserved": "2026-07-10T21:54:26.760Z",
        "dateUpdated": "2026-07-13T16:09:19.684Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61861 (GCVE-0-2026-61861)

    Vulnerability from nvd – Published: 2026-07-11 13:01 – Updated: 2026-07-13 15:07
    VLAI
    Title
    ImageMagick before 7.1.2-26 Use-After-Free in FormatMagickCaption
    Summary
    ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory allocation fails. Attackers can trigger memory allocation failures to cause a dangling pointer to reference freed memory, potentially enabling denial of service or code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Credits
    RigelYoung
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61861",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T15:07:48.985607Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T15:07:54.308Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "RigelYoung"
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory allocation fails. Attackers can trigger memory allocation failures to cause a dangling pointer to reference freed memory, potentially enabling denial of service or code execution."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-11T13:01:09.306Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-qvxh-prvr-85w2)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvxh-prvr-85w2"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Use-After-Free in FormatMagickCaption",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-use-after-free-in-formatmagickcaption"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Use-After-Free in FormatMagickCaption",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61861",
        "datePublished": "2026-07-11T13:01:09.306Z",
        "dateReserved": "2026-07-10T21:53:55.769Z",
        "dateUpdated": "2026-07-13T15:07:54.308Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61872 (GCVE-0-2026-61872)

    Vulnerability from cvelistv5 – Published: 2026-07-15 11:25 – Updated: 2026-07-15 13:24
    VLAI
    Title
    ImageMagick before 7.1.2-26 Memory Leak via TIFF Encoder
    Summary
    ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the TIFF encoder when an invalid tiff:tile-geometry is specified. Supplying malformed tile geometry parameters causes allocated memory not to be released, which can lead to increased memory consumption.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Credits
    Bin-infinite
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61872",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T13:19:56.001975Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T13:24:51.572Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Bin-infinite"
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the TIFF encoder when an invalid tiff:tile-geometry is specified. Supplying malformed tile geometry parameters causes allocated memory not to be released, which can lead to increased memory consumption."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2,
                "baseSeverity": "LOW",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 2.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T11:25:55.435Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-h5r4-w88w-7ccr)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h5r4-w88w-7ccr"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Memory Leak via TIFF Encoder",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-memory-leak-via-tiff-encoder"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Memory Leak via TIFF Encoder",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61872",
        "datePublished": "2026-07-15T11:25:55.435Z",
        "dateReserved": "2026-07-10T21:54:26.760Z",
        "dateUpdated": "2026-07-15T13:24:51.572Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61871 (GCVE-0-2026-61871)

    Vulnerability from cvelistv5 – Published: 2026-07-15 11:25 – Updated: 2026-07-15 12:04
    VLAI
    Title
    ImageMagick before 7.1.2-26 Memory Leak in ICON decoder
    Summary
    ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the ICON decoder that occurs when a memory allocation fails. Processing a crafted ICON file that triggers an allocation failure leaks memory, which may lead to a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61871",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T12:04:43.342098Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T12:04:51.151Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the ICON decoder that occurs when a memory allocation fails. Processing a crafted ICON file that triggers an allocation failure leaks memory, which may lead to a denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T11:25:54.748Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-h58x-r7f7-rh84)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h58x-r7f7-rh84"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Memory Leak in ICON decoder",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-memory-leak-in-icon-decoder"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Memory Leak in ICON decoder",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61871",
        "datePublished": "2026-07-15T11:25:54.748Z",
        "dateReserved": "2026-07-10T21:54:26.760Z",
        "dateUpdated": "2026-07-15T12:04:51.151Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61869 (GCVE-0-2026-61869)

    Vulnerability from cvelistv5 – Published: 2026-07-15 11:25 – Updated: 2026-07-15 18:03
    VLAI
    Title
    ImageMagick before 7.1.2-26 Memory Leak in MIFF Encoder
    Summary
    ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the MIFF encoder that occurs when a memory allocation fails during MIFF image processing, which can lead to denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Credits
    Bin-infinite
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61869",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T17:59:48.208684Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T18:03:42.319Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Bin-infinite"
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the MIFF encoder that occurs when a memory allocation fails during MIFF image processing, which can lead to denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 2.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T11:25:54.057Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-r628-69v2-2f9c)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r628-69v2-2f9c"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Memory Leak in MIFF Encoder",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-memory-leak-in-miff-encoder"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Memory Leak in MIFF Encoder",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61869",
        "datePublished": "2026-07-15T11:25:54.057Z",
        "dateReserved": "2026-07-10T21:54:26.759Z",
        "dateUpdated": "2026-07-15T18:03:42.319Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61868 (GCVE-0-2026-61868)

    Vulnerability from cvelistv5 – Published: 2026-07-15 11:25 – Updated: 2026-07-15 13:51
    VLAI
    Title
    ImageMagick before 7.1.2-26 Memory Leak in YUV Decoder
    Summary
    ImageMagick before 7.1.2-26 and 6.9.x before 6.9.13-51 contains a memory leak in the YUV decoder that occurs when opening of the blob fails. Repeated triggering can lead to resource exhaustion (denial of service).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61868",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T13:50:59.884171Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T13:51:10.322Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 and 6.9.x before 6.9.13-51 contains a memory leak in the YUV decoder that occurs when opening of the blob fails. Repeated triggering can lead to resource exhaustion (denial of service)."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T11:25:53.358Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-h7f2-f9cc-h2gv)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h7f2-f9cc-h2gv"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Memory Leak in YUV Decoder",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-memory-leak-in-yuv-decoder"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Memory Leak in YUV Decoder",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61868",
        "datePublished": "2026-07-15T11:25:53.358Z",
        "dateReserved": "2026-07-10T21:54:26.759Z",
        "dateUpdated": "2026-07-15T13:51:10.322Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61867 (GCVE-0-2026-61867)

    Vulnerability from cvelistv5 – Published: 2026-07-15 11:25 – Updated: 2026-07-15 12:21
    VLAI
    Title
    ImageMagick before 7.1.2-26 Memory Leak in TIFF Encoder
    Summary
    ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the TIFF encoder when memory allocation fails. Attackers can trigger allocation failures during TIFF image processing to cause memory exhaustion and denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61867",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T12:21:34.843793Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T12:21:43.606Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the TIFF encoder when memory allocation fails. Attackers can trigger allocation failures during TIFF image processing to cause memory exhaustion and denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 2.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T11:25:52.678Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-jfq9-q63x-rc63)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jfq9-q63x-rc63"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Memory Leak in TIFF Encoder",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-memory-leak-in-tiff-encoder-2"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Memory Leak in TIFF Encoder",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61867",
        "datePublished": "2026-07-15T11:25:52.678Z",
        "dateReserved": "2026-07-10T21:54:26.759Z",
        "dateUpdated": "2026-07-15T12:21:43.606Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61866 (GCVE-0-2026-61866)

    Vulnerability from cvelistv5 – Published: 2026-07-15 11:25 – Updated: 2026-07-15 17:54
    VLAI
    Title
    ImageMagick before 7.1.2-26 Memory Leak in JNG encoder
    Summary
    ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the JNG encoder when a blob cannot be opened. Attackers can trigger the memory leak by providing malformed JNG files that fail blob operations, causing resource exhaustion.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61866",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T17:54:08.966518Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T17:54:18.204Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the JNG encoder when a blob cannot be opened. Attackers can trigger the memory leak by providing malformed JNG files that fail blob operations, causing resource exhaustion."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 2.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T11:25:51.999Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-99w9-hv66-rfv7)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-99w9-hv66-rfv7"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Memory Leak in JNG encoder",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-memory-leak-in-jng-encoder"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Memory Leak in JNG encoder",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61866",
        "datePublished": "2026-07-15T11:25:51.999Z",
        "dateReserved": "2026-07-10T21:53:55.769Z",
        "dateUpdated": "2026-07-15T17:54:18.204Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61865 (GCVE-0-2026-61865)

    Vulnerability from cvelistv5 – Published: 2026-07-15 11:25 – Updated: 2026-07-15 13:25
    VLAI
    Title
    ImageMagick before 7.1.2-26 Memory Leak in Hough Lines
    Summary
    ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the hough lines operation: when a specific operation fails, a small memory leak occurs.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61865",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T13:19:57.884399Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T13:25:02.727Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the hough lines operation: when a specific operation fails, a small memory leak occurs."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 2.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T11:25:51.311Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-j8rh-v2r8-v94x)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j8rh-v2r8-v94x"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Memory Leak in Hough Lines",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-memory-leak-in-hough-lines"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Memory Leak in Hough Lines",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61865",
        "datePublished": "2026-07-15T11:25:51.311Z",
        "dateReserved": "2026-07-10T21:53:55.769Z",
        "dateUpdated": "2026-07-15T13:25:02.727Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61864 (GCVE-0-2026-61864)

    Vulnerability from cvelistv5 – Published: 2026-07-15 11:25 – Updated: 2026-07-15 12:09
    VLAI
    Title
    ImageMagick before 7.1.2-26 Memory Leak in Log Colorspace
    Summary
    ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in color transformation to the log colorspace: when the operation fails, a small amount of memory is not released.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Credits
    Bin-infinite
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61864",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T12:07:45.568072Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T12:09:45.303Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Bin-infinite"
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in color transformation to the log colorspace: when the operation fails, a small amount of memory is not released."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 2.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T11:25:50.648Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-7c7m-fpjw-gwcq)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7c7m-fpjw-gwcq"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Memory Leak in Log Colorspace",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-memory-leak-in-log-colorspace"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Memory Leak in Log Colorspace",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61864",
        "datePublished": "2026-07-15T11:25:50.648Z",
        "dateReserved": "2026-07-10T21:53:55.769Z",
        "dateUpdated": "2026-07-15T12:09:45.303Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61863 (GCVE-0-2026-61863)

    Vulnerability from cvelistv5 – Published: 2026-07-15 11:25 – Updated: 2026-07-15 17:42
    VLAI
    Title
    ImageMagick before 7.1.2-26 Memory Leak in TIFF Encoder
    Summary
    ImageMagick before 7.1.2-26 (and 6.x before 6.9.13-51) contains a memory leak in the TIFF encoder that occurs when a temporary file cannot be created, resulting in a small memory leak.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61863",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T17:42:20.391150Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T17:42:28.945Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 (and 6.x before 6.9.13-51) contains a memory leak in the TIFF encoder that occurs when a temporary file cannot be created, resulting in a small memory leak."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 2.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T11:25:49.962Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-6vxp-gfwf-hcr9)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6vxp-gfwf-hcr9"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Memory Leak in TIFF Encoder",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-memory-leak-in-tiff-encoder"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Memory Leak in TIFF Encoder",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61863",
        "datePublished": "2026-07-15T11:25:49.962Z",
        "dateReserved": "2026-07-10T21:53:55.769Z",
        "dateUpdated": "2026-07-15T17:42:28.945Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61862 (GCVE-0-2026-61862)

    Vulnerability from cvelistv5 – Published: 2026-07-15 11:25 – Updated: 2026-07-15 13:51
    VLAI
    Title
    ImageMagick before 7.1.2-26 Information Disclosure via identify
    Summary
    ImageMagick before 7.1.2-26 and 6.9.13-51 contains an information disclosure vulnerability: when a profile is displayed with the identify command and the profile value is not printable, a single byte at the end of the profile can be printed (read past the profile boundary). This behavior occurs when debug output is enabled.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Credits
    Bin-infinite
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61862",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T13:51:29.324231Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T13:51:41.638Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Bin-infinite"
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 and 6.9.13-51 contains an information disclosure vulnerability: when a profile is displayed with the identify command and the profile value is not printable, a single byte at the end of the profile can be printed (read past the profile boundary). This behavior occurs when debug output is enabled."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 2.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T11:25:49.276Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-hwf3-r46v-5ggx)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hwf3-r46v-5ggx"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Information Disclosure via identify",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-information-disclosure-via-identify"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Information Disclosure via identify",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61862",
        "datePublished": "2026-07-15T11:25:49.276Z",
        "dateReserved": "2026-07-10T21:53:55.769Z",
        "dateUpdated": "2026-07-15T13:51:41.638Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61860 (GCVE-0-2026-61860)

    Vulnerability from cvelistv5 – Published: 2026-07-15 11:25 – Updated: 2026-07-15 12:22
    VLAI
    Title
    ImageMagick before 7.1.2-26 Use-After-Free via freetype
    Summary
    ImageMagick before 7.1.2-26 and 6.9.13-51 contains a use-after-free vulnerability that occurs when freetype initialization fails: the method does not exit and continues to use memory that was already freed. This can be triggered during image processing and may lead to a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Credits
    RigelYoung
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61860",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T12:22:09.832264Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T12:22:16.832Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "RigelYoung"
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 and 6.9.13-51 contains a use-after-free vulnerability that occurs when freetype initialization fails: the method does not exit and continues to use memory that was already freed. This can be triggered during image processing and may lead to a denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T11:25:48.586Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-6jwg-7q3p-5fqm)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6jwg-7q3p-5fqm"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Use-After-Free via freetype",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-use-after-free-via-freetype"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Use-After-Free via freetype",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61860",
        "datePublished": "2026-07-15T11:25:48.586Z",
        "dateReserved": "2026-07-10T21:53:55.769Z",
        "dateUpdated": "2026-07-15T12:22:16.832Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61859 (GCVE-0-2026-61859)

    Vulnerability from cvelistv5 – Published: 2026-07-15 11:25 – Updated: 2026-07-15 17:56
    VLAI
    Title
    ImageMagick before 7.1.2-26 Policy Bypass via script operation
    Summary
    ImageMagick before 7.1.2-26 and 6.9.13-x before 6.9.13-51 contains a policy bypass vulnerability in the -script operation due to missing security policy checks. This allows reading files from paths that are otherwise disallowed by the configured security policy.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Credits
    rexpository
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61859",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T17:55:59.238431Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T17:56:16.565Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "rexpository"
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 and 6.9.13-x before 6.9.13-51 contains a policy bypass vulnerability in the -script operation due to missing security policy checks. This allows reading files from paths that are otherwise disallowed by the configured security policy."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T11:47:04.341Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-vghg-5jrg-2398)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vghg-5jrg-2398"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Policy Bypass via script operation",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-policy-bypass-via-script-operation"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Policy Bypass via script operation",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61859",
        "datePublished": "2026-07-15T11:25:47.918Z",
        "dateReserved": "2026-07-10T21:53:55.769Z",
        "dateUpdated": "2026-07-15T17:56:16.565Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61464 (GCVE-0-2026-61464)

    Vulnerability from cvelistv5 – Published: 2026-07-15 11:25 – Updated: 2026-07-15 13:25
    VLAI
    Title
    ImageMagick before 7.1.2-26 Heap Buffer Over-Write via X11
    Summary
    ImageMagick before 7.1.2-26 and 6.9.13-51 contains a heap-based buffer over-write vulnerability that occurs when running an X11 import with a crafted window title, which can result in heap memory corruption and denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Credits
    Kwstubbs
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-61464",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T13:19:59.960415Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T13:25:15.287Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Kwstubbs"
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 and 6.9.13-51 contains a heap-based buffer over-write vulnerability that occurs when running an X11 import with a crafted window title, which can result in heap memory corruption and denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 1,
                "baseSeverity": "LOW",
                "privilegesRequired": "HIGH",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 1.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T11:47:03.664Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-76q6-2p6h-xjqr)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-76q6-2p6h-xjqr"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Heap Buffer Over-Write via X11",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-heap-buffer-over-write-via-x11"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Heap Buffer Over-Write via X11",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61464",
        "datePublished": "2026-07-15T11:25:47.202Z",
        "dateReserved": "2026-07-09T14:07:55.625Z",
        "dateUpdated": "2026-07-15T13:25:15.287Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56375 (GCVE-0-2026-56375)

    Vulnerability from cvelistv5 – Published: 2026-07-15 11:25 – Updated: 2026-07-15 12:21
    VLAI
    Title
    ImageMagick - Memory Leak in ASHLAR Coder Action Failure
    Summary
    ImageMagick through 7.1.2-18 contains a memory leak vulnerability in the ASHLAR coder when an action fails. Attackers can trigger failed actions to exhaust memory resources and cause denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , ≤ 7.1.2-18 (semver)
    Create a notification for this product.
    Date Public
    2026-03-24 00:00
    Credits
    unbengable12
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56375",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T12:20:47.791156Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T12:21:07.011Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThanOrEqual": "7.1.2-18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "7.1.2-18",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "unbengable12"
            }
          ],
          "datePublic": "2026-03-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick through 7.1.2-18 contains a memory leak vulnerability in the ASHLAR coder when an action fails. Attackers can trigger failed actions to exhaust memory resources and cause denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T11:25:30.028Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-6p22-q7w5-33pg)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6p22-q7w5-33pg"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick - Memory Leak in ASHLAR Coder Action Failure",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-memory-leak-in-ashlar-coder-action-failure"
            }
          ],
          "title": "ImageMagick - Memory Leak in ASHLAR Coder Action Failure",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-56375",
        "datePublished": "2026-07-15T11:25:30.028Z",
        "dateReserved": "2026-06-21T02:05:21.920Z",
        "dateUpdated": "2026-07-15T12:21:07.011Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }