CVE-2026-56371
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk14th percentile — higher than 14% of all known CVEs
Summary
ImageMagick before versions 7.1.2-15 and 6.9.13-40 has a memory leak in coders/txt.c when processing TXT files with texture attributes. The texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is processed.
Risk Assessment
The memory leak can lead to exhaustion of system resources, resulting in denial of service (DoS) for applications using ImageMagick to process images.
Recommendation
Immediately update ImageMagick to version 7.1.2-15 or later (for the 7 branch) and 6.9.13-40 or later (for the 6 branch).
Original NVD description (English source)
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is processed.

