CVE-2026-56362

CVE-2026-56362 is a low-severity vulnerability with a CVSS 3.x base score of 3.3. The underlying weakness is classified as CWE-125.

Key facts

Description

ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex caused by OpenPixelCache updating image channel metadata before pixel cache memory allocation. Attackers can trigger memory and disk allocation failures to cause a heap-buffer-overflow read affecting any writer calling GetPixelIndex.

Frequently asked questions

What is CVE-2026-56362?
ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex caused by OpenPixelCache updating image channel metadata before pixel cache memory allocation. Attackers can trigger memory and disk allocation failures to cause a heap-buffer-overflow read affecting any writer calling GetPixelIndex.
How severe is CVE-2026-56362?
CVE-2026-56362 has a CVSS 3.x base score of 3.3, rated low severity. It is exploitable over network with high attack complexity, requires high privileges and no user interaction. Impact on confidentiality is low, integrity none, and availability low.
Is CVE-2026-56362 being actively exploited?
It is not currently listed in CISA's Known Exploited Vulnerabilities catalog, and no EPSS exploit-prediction score is available yet.
How do I fix CVE-2026-56362?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
When was CVE-2026-56362 published?
CVE-2026-56362 was published on 2026-07-08.

References

Other CWE-125 (Out-of-bounds Read) vulnerabilities

Browse all CWE-125 (Out-of-bounds Read) vulnerabilities →