CVE-2026-56361 MEDIUM

CVE-2026-56361: ImageMagick - Heap Buffer Overflow via Off-by-One in Morphology Processing

Vendor ImageMagick
Product ImageMagick
Weakness CWE-125
Published June 30, 2026
Last update July 1, 2026

CVSS base score

4.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Passive
Confidentiality None
Integrity None

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

ImageMagick before 7.1.2-19 contains an off-by-one error in morphology validation that allows out-of-bounds heap buffer reads. Attackers can trigger a heap buffer overflow by providing incorrect morphology parameters, causing single-pixel memory access violations.

Key dates

02 Disclosure timeline

June 30, 2026 CVE published
July 1, 2026 Record updated