ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex caused by OpenPixelCache updating image channel metadata before pixel cache memory allocation. Attackers can trigger memory and disk allocation failures to cause a heap-buffer-overflow read affecting any writer calling GetPixelIndex.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Wed, 08 Jul 2026 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex caused by OpenPixelCache updating image channel metadata before pixel cache memory allocation. Attackers can trigger memory and disk allocation failures to cause a heap-buffer-overflow read affecting any writer calling GetPixelIndex. | |
| Title | ImageMagick - Heap-buffer-overflow Read in GetPixelIndex via OpenPixelCache Metadata Desynchronization | |
| First Time appeared |
Imagemagick
Imagemagick imagemagick |
|
| Weaknesses | CWE-125 | |
| CPEs | cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Imagemagick
Imagemagick imagemagick |
|
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-08T13:49:04.142Z
Reserved: 2026-06-20T21:16:53.711Z
Link: CVE-2026-56362
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses