CVE-2026-56364
Low (CVSS 1.9)
Exploitation Probability (EPSS): Low risk, 2nd percentile (higher than 2% of all known CVEs)
Summary
A memory leak vulnerability in ImageMagick before version 7.1.2-13 exists in the LoadOpenCLDeviceBenchmark() function when parsing malformed OpenCL device profile XML files with unclosed device elements. Attackers with write access to the OpenCL cache directory can place malicious XML files to exhaust memory and cause denial of service.
Risk Assessment
The risk is a potential denial-of-service attack through memory exhaustion, which can disrupt applications using ImageMagick for image processing. The attack requires write access to the OpenCL cache directory, limiting the attack vector, but it may be a real threat in shared environments.
Recommendation
Immediately update ImageMagick to version 7.1.2-13 or later. Additionally, restrict write permissions to the OpenCL cache directory to trusted users only.
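One way to check the second recommendation on a host: this is an added example, not code from ImageMagick or from this advisory. It reports a cache directory or XML file that group or other users can write to, and any XML file in it that is not well-formed (which includes an unclosed element). The directory path is passed in by the operator because the advisory does not give it; the function name and the 1 MiB size cap are assumptions of this sketch.

```python
import os
import stat
import sys
import xml.etree.ElementTree as ET

MAX_BYTES = 1 << 20  # assumption: a device profile is small; skip parsing anything larger


def audit_cache_dir(cache_dir):
    """Return (path, finding) tuples for one OpenCL cache directory."""
    findings = []
    writable_by_others = stat.S_IWGRP | stat.S_IWOTH
    if os.stat(cache_dir).st_mode & writable_by_others:
        findings.append((cache_dir, "directory is group/world-writable"))
    for name in sorted(os.listdir(cache_dir)):
        path = os.path.join(cache_dir, name)
        st = os.lstat(path)  # lstat: do not follow symlinks planted in the directory
        if not stat.S_ISREG(st.st_mode) or not name.lower().endswith(".xml"):
            continue
        if st.st_mode & writable_by_others:
            findings.append((path, "file is group/world-writable"))
        if st.st_size > MAX_BYTES:
            findings.append((path, "file larger than expected, not parsed"))
            continue
        try:
            with open(path, "rb") as fh:
                ET.fromstring(fh.read(MAX_BYTES))
        except ET.ParseError as exc:
            # An element that is opened but never closed ends up here.
            findings.append((path, f"not well-formed XML: {exc}"))
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit_cache.py <opencl-cache-dir>")
    results = audit_cache_dir(sys.argv[1])
    for path, finding in results:
        print(f"{path}: {finding}")
    sys.exit(1 if results else 0)
```

The script exits non-zero when it has findings, so it can run from a scheduled job or a configuration-management check.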
Original NVD description (English source)
ImageMagick before 7.1.2-13 contains a memory leak vulnerability in LoadOpenCLDeviceBenchmark() function when parsing malformed OpenCL device profile XML files with unclosed device elements. Attackers with write access to the OpenCL cache directory can place malicious XML files to exhaust memory and cause denial of service.

