Bug 2499382 (CVE-2026-61857) - CVE-2026-61857 ImageMagick: ImageMagick: Application crashes via malicious XMP profiles
Summary: CVE-2026-61857 ImageMagick: ImageMagick: Application crashes via malicious XM...
Keywords:
Status: NEW
Alias: CVE-2026-61857
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2499401 2499402
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-07-11 14:02 UTC by OSIDB Bzimport
Modified: 2026-07-11 19:30 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-07-11 14:02:10 UTC
ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious image files with specially crafted XMP data to trigger the vulnerability and cause application crashes.


Note You need to log in before you can comment on or make changes to this bug.