CVE Catalog

CVE-2026-56371

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

14th percentile — higher than 14% of all known CVEs

Summary

ImageMagick before versions 7.1.2-15 and 6.9.13-40 has a memory leak in coders/txt.c when processing TXT files with texture attributes. The texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is processed.

Risk Assessment

The memory leak can lead to exhaustion of system resources, resulting in denial of service (DoS) for applications using ImageMagick to process images.

Recommendation

Immediately update ImageMagick to version 7.1.2-15 or later (for the 7 branch) and 6.9.13-40 or later (for the 6 branch).

Original NVD description (English source)

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is processed.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS