CVE-2026-56366: ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specia
ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion.
Details
Original advisory: https://nvd.nist.gov/vuln/detail/CVE-2026-56366
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-56366 | coverage & exploitation status | NVD · CVE.org |
Recent advisories for ImageMagick
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- lowCVE-2026-56373: ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that us…nvd · 2026-07-10
- medium[UPDATE] [medium] ImageMagick: Multiple vulnerabilitiescert-bund · 2026-07-09
- low[UPDATE] [low] ImageMagick: Multiple vulnerabilities allow Denial of Servicecert-bund · 2026-07-09
- lowCVE-2026-56374: ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the FTXT encoder …nvd · 2026-07-08
- lowCVE-2026-56362: ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelInde…nvd · 2026-07-08
- medium[UPDATE] [medium] ImageMagick: Multiple vulnerabilitiescert-bund · 2026-07-08
More from NVD Recent CVEs
- unknownCVE-2026-57828: The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload t…2026-07-11
- unknownCVE-2026-57827: The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that al…2026-07-11
- highCVE-2026-1359: The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized m…2026-07-11
- highCVE-2026-9282: The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up…2026-07-11
- mediumCVE-2026-9017: The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to autho…2026-07-11