CVE Catalog

CVE-2026-56370

Low · CVSS 3.3

Exploitation Probability (EPSS)

Low risk
0.12%

2nd percentile, higher than 2% of all known CVEs

Summary

A vulnerability in ImageMagick before version 7.1.2-19 allows out-of-bounds access in the ConnectedComponentsImage() function when processing connected-components artifacts with invalid indices. Attackers can trigger access violations via CLI, leading to denial of service or potential code execution.

Risk Assessment

The risk includes the possibility of remotely causing system crashes or taking control of the image-processing application, potentially disrupting critical services.

Recommendation

Update ImageMagick to version 7.1.2-19 or later immediately, and restrict CLI access to authorized users only.

Original NVD description (English source)

ImageMagick before 7.1.2-19 contains an out-of-bounds access vulnerability in ConnectedComponentsImage() when processing connected-components artifacts with invalid indices. Attackers can trigger access violations by specifying malformed connected-components definitions via CLI, causing denial of service or potential code execution.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS