Bug 2498999 (CVE-2026-56366) - CVE-2026-56366 ImageMagick: ImageMagick: Denial of Service via memory leak in APP1JPEG image processing
Summary: CVE-2026-56366 ImageMagick: ImageMagick: Denial of Service via memory leak in...
Keywords:
Status: NEW
Alias: CVE-2026-56366
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2499345 2499346
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-07-10 15:01 UTC by OSIDB Bzimport
Modified: 2026-07-11 09:06 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-07-10 15:01:25 UTC
ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion.


Note You need to log in before you can comment on or make changes to this bug.