{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-56376", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-06-21T02:05:47.495Z", "datePublished": "2026-06-23T12:13:04.795Z", "dateUpdated": "2026-06-23T13:06:10.787Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-06-23T12:13:04.795Z"}, "datePublic": "2026-02-23T00:00:00.000Z", "title": "ImageMagick - Heap Use-After-Free in Meta Coder", "descriptions": [{"lang": "en", "value": "ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-free in the meta coder: when memory allocation fails, a single byte is written to a stale pointer. Remote attackers can trigger it by processing specially crafted image files, causing a denial of service."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Use After Free", "cweId": "CWE-416", "type": "CWE"}]}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "versionType": "semver", "lessThan": "7.1.2-15"}, {"version": "7.1.2-15", "status": "unaffected", "versionType": "semver"}]}, {"vendor": "ImageMagick", "product": "ImageMagick", "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "versionType": "semver", "lessThan": "6.9.13-40"}, {"version": "6.9.13-40", "status": "unaffected", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.1.15"}, {"vulnerable": true, "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.9.13-40"}]}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM"}}, {"format": "CVSS", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW"}}], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2gq3-ww97-wfjm", "name": "GitHub Security Advisory (GHSA-2gq3-ww97-wfjm)", "tags": ["vendor-advisory"]}, {"name": "VulnCheck Advisory: ImageMagick - Heap Use-After-Free in Meta Coder", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/imagemagick-heap-use-after-free-in-meta-coder"}], "credits": [{"lang": "en", "value": "ylwango613", "type": "reporter"}], "x_generator": {"engine": "vulncheck-endgame"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-23T13:06:03.212009Z", "id": "CVE-2026-56376", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-23T13:06:10.787Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-56376", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-23T13:06:03.212009Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-23T13:06:05.780Z"}}], "cna": {"title": "ImageMagick - Heap Use-After-Free in Meta Coder", "credits": [{"lang": "en", "type": "reporter", "value": "ylwango613"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"status": "affected", "version": "0", "lessThan": "7.1.2-15", "versionType": "semver"}, {"status": "unaffected", "version": "7.1.2-15", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"status": "affected", "version": "0", "lessThan": "6.9.13-40", "versionType": "semver"}, {"status": "unaffected", "version": "6.9.13-40", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2026-02-23T00:00:00.000Z", "references": [{"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2gq3-ww97-wfjm", "name": "GitHub Security Advisory (GHSA-2gq3-ww97-wfjm)", "tags": ["vendor-advisory"]}, {"url": "https://www.vulncheck.com/advisories/imagemagick-heap-use-after-free-in-meta-coder", "name": "VulnCheck Advisory: ImageMagick - Heap Use-After-Free in Meta Coder", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck-endgame"}, "descriptions": [{"lang": "en", "value": "ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-free in the meta coder: when memory allocation fails, a single byte is written to a stale pointer. Remote attackers can trigger it by processing specially crafted image files, causing a denial of service."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "Use After Free"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "7.1.15"}, {"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.9.13-40"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-06-23T12:13:04.795Z"}}}, "cveMetadata": {"cveId": "CVE-2026-56376", "state": "PUBLISHED", "dateUpdated": "2026-06-23T13:06:10.787Z", "dateReserved": "2026-06-21T02:05:47.495Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-06-23T12:13:04.795Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{}

{"bugzilla": {"description": "ImageMagick: ImageMagick: Denial of Service via heap use-after-free vulnerability", "id": "2491704", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491704"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-825", "details": ["ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-free in the meta coder: when memory allocation fails, a single byte is written to a stale pointer. Remote attackers can trigger it by processing specially crafted image files, causing a denial of service.", "A flaw was found in ImageMagick. Remote attackers can exploit a heap use-after-free vulnerability in the meta coder by processing specially crafted image files. This can lead to a denial of service."], "mitigation": {"lang": "en:us", "value": "Since this vulnerability is isolated entirely within ImageMagick's meta coder, the mitigation is to disable that specific coder."}, "name": "CVE-2026-56376", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2026-06-23T12:13:04Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-56376\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-56376\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2gq3-ww97-wfjm\nhttps://www.vulncheck.com/advisories/imagemagick-heap-use-after-free-in-meta-coder"], "statement": "This ImageMagick flaw is rated as Low impact. A heap use-after-free vulnerability in the meta coder can lead to a denial of service when processing specially crafted image files. The impact is limited to availability, and the attack requires specific conditions, making successful exploitation less probable in typical Red Hat deployments unless processing untrusted images.", "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,7.1.2-15)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "7.1.2-15"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.9.13-40)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "6.9.13-40"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "imagemagick", "vendor": "imagemagick"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,7.1.2-15)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "7.1.2-15"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ImageMagick", "source": "cna", "vendor": "ImageMagick"}, "product": "imagemagick", "vendor": "imagemagick"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.9.13-40)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "6.9.13-40"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ImageMagick", "source": "cna", "vendor": "ImageMagick"}, "product": "imagemagick", "vendor": "imagemagick"}], "created": "2026-06-23T13:30:03.553485+00:00", "updated": "2026-06-25T03:00:10.930035+00:00", "vendors": ["imagemagick", "imagemagick$PRODUCT$imagemagick"]}