{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-56371", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-06-21T02:05:21.920Z", "datePublished": "2026-06-23T12:13:04.085Z", "dateUpdated": "2026-06-24T15:44:24.102Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-06-23T12:13:04.085Z"}, "datePublic": "2026-02-23T00:00:00.000Z", "title": "ImageMagick - Memory Leak in TXT File Processing via Texture Attribute", "descriptions": [{"lang": "en", "value": "ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is processed."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Missing Release of Memory after Effective Lifetime", "cweId": "CWE-401", "type": "CWE"}]}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "versionType": "semver", "lessThan": "7.1.2-15"}, {"version": "7.1.2-15", "status": "unaffected", "versionType": "semver"}]}, {"vendor": "ImageMagick", "product": "ImageMagick", "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "versionType": "semver", "lessThan": "6.9.13-40"}, {"version": "6.9.13-40", "status": "unaffected", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.1.2-15"}, {"vulnerable": true, "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.9.13-40"}]}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 0, "baseSeverity": "NONE"}}, {"format": "CVSS", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 0, "baseSeverity": "NONE"}}], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3q5f-gmjc-38r8", "name": "GitHub Security Advisory (GHSA-3q5f-gmjc-38r8)", "tags": ["vendor-advisory"]}, {"name": "VulnCheck Advisory: ImageMagick - Memory Leak in TXT File Processing via Texture Attribute", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/imagemagick-memory-leak-in-txt-file-processing-via-texture-attribute"}], "credits": [{"lang": "en", "value": "unbengable12", "type": "reporter"}], "x_generator": {"engine": "vulncheck-endgame"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-24T15:43:57.913723Z", "id": "CVE-2026-56371", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-24T15:44:24.102Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-56371", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-24T15:43:57.913723Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-24T15:44:01.011Z"}}], "cna": {"title": "ImageMagick - Memory Leak in TXT File Processing via Texture Attribute", "credits": [{"lang": "en", "type": "reporter", "value": "unbengable12"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 0, "attackVector": "NETWORK", "baseSeverity": "NONE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 0, "attackVector": "NETWORK", "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"status": "affected", "version": "0", "lessThan": "7.1.2-15", "versionType": "semver"}, {"status": "unaffected", "version": "7.1.2-15", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"status": "affected", "version": "0", "lessThan": "6.9.13-40", "versionType": "semver"}, {"status": "unaffected", "version": "6.9.13-40", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2026-02-23T00:00:00.000Z", "references": [{"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3q5f-gmjc-38r8", "name": "GitHub Security Advisory (GHSA-3q5f-gmjc-38r8)", "tags": ["vendor-advisory"]}, {"url": "https://www.vulncheck.com/advisories/imagemagick-memory-leak-in-txt-file-processing-via-texture-attribute", "name": "VulnCheck Advisory: ImageMagick - Memory Leak in TXT File Processing via Texture Attribute", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck-endgame"}, "descriptions": [{"lang": "en", "value": "ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is processed."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-401", "description": "Missing Release of Memory after Effective Lifetime"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "7.1.2-15"}, {"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.9.13-40"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-06-23T12:13:04.085Z"}}}, "cveMetadata": {"cveId": "CVE-2026-56371", "state": "PUBLISHED", "dateUpdated": "2026-06-24T15:44:24.102Z", "dateReserved": "2026-06-21T02:05:21.920Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-06-23T12:13:04.085Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{}

{"bugzilla": {"description": "ImageMagick: ImageMagick: Denial of Service due to memory leak in TXT file processing", "id": "2491711", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491711"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-772", "details": ["ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is processed.", "A memory leak flaw was found in ImageMagick. Processing specially crafted TXT files with malicious texture attributes can exhaust system memory, allowing an attacker to cause a Denial of Service (DoS)."], "mitigation": {"lang": "en:us", "value": "If your application does not explicitly require rendering TXT files via ImageMagick, you should disable the vulnerable coder entirely. This removes the attack vector at the application layer. If ImageMagick is executed by a background service, worker queue, or web server (such as httpd or nginx), utilize systemd's control groups (cgroups) to isolate the process's memory pool. This ensures that if the leak is triggered, the Linux Out-Of-Memory (OOM) killer only terminates the offending worker rather than crashing the entire OS."}, "name": "CVE-2026-56371", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2026-06-23T12:13:04Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-56371\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-56371\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3q5f-gmjc-38r8\nhttps://www.vulncheck.com/advisories/imagemagick-memory-leak-in-txt-file-processing-via-texture-attribute"], "statement": "A moderate-impact memory leak in ImageMagick can cause a Denial of Service (DoS) if a user or automated system is tricked into processing a maliciously crafted TXT file.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,7.1.2-15)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.1.2-15,*]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.9.13-40)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.9.13-40,*]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "imagemagick", "vendor": "imagemagick"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,7.1.2-15)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.1.2-15,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ImageMagick", "source": "cna", "vendor": "ImageMagick"}, "product": "imagemagick", "vendor": "imagemagick"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.9.13-40)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.9.13-40,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ImageMagick", "source": "cna", "vendor": "ImageMagick"}, "product": "imagemagick", "vendor": "imagemagick"}], "created": "2026-06-23T13:30:03.553939+00:00", "updated": "2026-06-25T02:45:16.038953+00:00", "vendors": ["imagemagick", "imagemagick$PRODUCT$imagemagick"]}