CVE-2026-56368

EUVD-2026-38755
ImageMagick before 7.1.2-15 contains a memory leak vulnerability in multiple coders that write raw pixel data where allocated objects are not properly freed. Attackers can trigger this leak by processing specially crafted images, causing memory exhaustion and denial of service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
Debian logo
Debian Releases
Debian Product
Codename
imagemagick
bookworm
vulnerable
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
8:7.1.2.24+dfsg1-1
fixed
sid
8:7.1.2.25+dfsg1-2
fixed
trixie
no-dsa
trixie (security)
vulnerable
Common Weakness Enumeration
References
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wfx3-6g53-9fgc
https://www.vulncheck.com/advisories/imagemagick-memory-leak-in-raw-pixel-data-coders