CVE-2026-56376
Severity: Low (CVSS 3.7)
Exploitation Probability (EPSS): Low risk, 18th percentile (higher than 18% of all known CVEs)
Summary
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a use-after-free vulnerability in the meta coder. When memory allocation fails, a single byte is written to a stale pointer, potentially leading to denial of service.
Risk Assessment
Remote attackers can trigger this vulnerability by supplying specially crafted image files for ImageMagick to process, resulting in denial of service. This may affect the availability of applications that use ImageMagick.
Recommendation
Update ImageMagick to version 7.1.2-15 or 6.9.13-40, or later, to mitigate this vulnerability.
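One way to check a host against the fixed versions above (an added example, not part of the original advisory; the function names and the sample banner lines are constructed for illustration):

```shell
#!/bin/sh
# Added example: compare an ImageMagick version banner against the fixed
# releases named in this advisory (7.1.2-15 and 6.9.13-40).

# Pull "X.Y.Z-P" out of the first line of `magick -version` / `convert -version`.
im_extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*ImageMagick \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*-[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Turn "X.Y.Z-P" into one sortable integer (assumes each field is < 1000
# and has no leading zero, which holds for ImageMagick release numbers).
im_key() {
    old_ifs=$IFS; IFS='.-'
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    echo $(( $1 * 1000000000 + $2 * 1000000 + $3 * 1000 + $4 ))
}

# Print "fixed", "affected" or "unknown" for a version banner line.
im_cve_status() {
    ver=$(im_extract_version "$1")
    case $ver in
        7.*) fixed=7.1.2-15 ;;   # fixed release on the 7.x branch
        6.*) fixed=6.9.13-40 ;;  # fixed release on the 6.x branch
        *)   echo unknown; return 0 ;;
    esac
    if [ "$(im_key "$ver")" -ge "$(im_key "$fixed")" ]; then
        echo fixed
    else
        echo affected
    fi
}

# Constructed banner lines (not captured from real hosts).
for banner in \
    'Version: ImageMagick 7.1.2-14 Q16-HDRI x86_64' \
    'Version: ImageMagick 7.1.2-15 Q16-HDRI x86_64' \
    'Version: ImageMagick 6.9.13-39 Q16 x86_64' \
    'no such command'
do
    printf '%-50s %s\n' "$banner" "$(im_cve_status "$banner")"
done

# Live check: im_cve_status "$(magick -version 2>/dev/null | head -n 1)"
```

Distribution packages may backport the fix without changing the upstream version string, so treat an `affected` result as a prompt to check the package changelog.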
Original NVD description (English source)
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-free in the meta coder: when memory allocation fails, a single byte is written to a stale pointer. Remote attackers can trigger it by processing specially crafted image files, causing a denial of service.

