CVE-2026-56363 MEDIUM

CVE-2026-56363: ImageMagick - Division by Zero in Binomial Kernel Processing

Vendor Imagemagick
Product ImageMagick
Weakness CWE-190
Published June 30, 2026
Last update July 1, 2026

CVSS base score

4.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

ImageMagick before 7.1.2-22 contains a division by zero vulnerability in binomial kernel processing that allows attackers to cause denial of service. An attacker can supply a large binomial kernel value causing integer overflow, resulting in division by zero and application crash.

Key dates

02Disclosure timeline

June 30, 2026 CVE published
July 1, 2026 Record updated