PT-2026-57444 · Imagemagick · Imagemagick

Rexpository

·

Published

2026-07-11

·

Updated

2026-07-11

·

CVE-2026-61857

CVSS v3.1

3.7

Low

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious image files with specially crafted XMP data to trigger the vulnerability and cause application crashes.

Fix

Unchecked Return Value

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-61857

Affected Products

Imagemagick