CVE-2026-56378

LOW SEVERITY

CVSS Score & Metrics

Base Score

3.7 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N                                    

Vulnerability Description

ImageMagick before 7.1.2-15 (and 6.x before 6.9.13-40) contains a heap out-of-bounds read in the PCD coder's DecodeImage loop. A crafted PCD file can trigger a one-byte heap out-of-bounds read during image decoding, resulting in denial of service and potential disclosure of an adjacent heap byte.

Vulnerability Details

Published Date

June 21, 2026

Last Modified

June 21, 2026

CWE ID

CWE-125

Source

NVD

Vendor

ImageMagick

Product

ImageMagick

External References

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wgxp-q8xq-wpp9
https://www.vulncheck.com/advisories/imagemagick-heap-out-of-bounds-read-in-pcd-decoder

CVE-2026-56378

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment