CVE-2026-56365 MEDIUM

CVE-2026-56365: ImageMagick - Memory Leak in PNG Encoder via MNG Image Writing

Vendor Imagemagick
Product ImageMagick
Weakness CWE-401
Published June 30, 2026
Last update July 1, 2026

CVSS base score

6.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

ImageMagick before 7.1.2-19 contains a memory leak vulnerability in the PNG encoder when writing MNG images. Attackers can trigger the encoder failure condition to exhaust memory resources and cause denial of service.

Key dates

02Disclosure timeline

June 30, 2026 CVE published
July 1, 2026 Record updated