DEBIAN-CVE-2026-56366

Source
https://security-tracker.debian.org/tracker/CVE-2026-56366
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-56366.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-56366
Upstream
Published
2026-07-10T15:16:43.217Z
Modified
2026-07-14T10:00:14.637876367Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion.

References

Affected packages

Debian:11 / imagemagick

Package

Name
imagemagick
Purl
pkg:deb/debian/imagemagick?arch=source&distro=bullseye

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8:6.9.11.60+dfsg-1.3+deb11u15

Affected versions

8:6.*
8:6.9.11.60+dfsg-1.3
8:6.9.11.60+dfsg-1.3+deb11u1
8:6.9.11.60+dfsg-1.3+deb11u2
8:6.9.11.60+dfsg-1.3+deb11u3
8:6.9.11.60+dfsg-1.3+deb11u4
8:6.9.11.60+dfsg-1.3+deb11u5
8:6.9.11.60+dfsg-1.3+deb11u6
8:6.9.11.60+dfsg-1.3+deb11u7
8:6.9.11.60+dfsg-1.3+deb11u8
8:6.9.11.60+dfsg-1.3+deb11u9
8:6.9.11.60+dfsg-1.3+deb11u10
8:6.9.11.60+dfsg-1.3+deb11u11
8:6.9.11.60+dfsg-1.3+deb11u12
8:6.9.11.60+dfsg-1.3+deb11u13
8:6.9.11.60+dfsg-1.3+deb11u14

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-56366.json"

Debian:12 / imagemagick

Package

Name
imagemagick
Purl
pkg:deb/debian/imagemagick?arch=source&distro=bookworm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8:6.9.11.60+dfsg-1.6+deb12u12

Affected versions

8:6.*
8:6.9.11.60+dfsg-1.6
8:6.9.11.60+dfsg-1.6+deb12u1
8:6.9.11.60+dfsg-1.6+deb12u2
8:6.9.11.60+dfsg-1.6+deb12u3
8:6.9.11.60+dfsg-1.6+deb12u4
8:6.9.11.60+dfsg-1.6+deb12u5
8:6.9.11.60+dfsg-1.6+deb12u6
8:6.9.11.60+dfsg-1.6+deb12u7
8:6.9.11.60+dfsg-1.6+deb12u8
8:6.9.11.60+dfsg-1.6+deb12u9
8:6.9.11.60+dfsg-1.6+deb12u10
8:6.9.11.60+dfsg-1.6+deb12u11

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-56366.json"

Debian:13 / imagemagick

Package

Name
imagemagick
Purl
pkg:deb/debian/imagemagick?arch=source&distro=trixie

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

8:7.*
8:7.1.1.43+dfsg1-1
8:7.1.1.43+dfsg1-1+deb13u1
8:7.1.1.43+dfsg1-1+deb13u2
8:7.1.1.43+dfsg1-1+deb13u3
8:7.1.1.43+dfsg1-1+deb13u4
8:7.1.1.43+dfsg1-1+deb13u5
8:7.1.1.43+dfsg1-1+deb13u6
8:7.1.1.43+dfsg1-1+deb13u7
8:7.1.1.43+dfsg1-1+deb13u8
8:7.1.1.43+dfsg1-1+deb13u9
8:7.1.1.43+dfsg1-1+deb13u10
8:7.1.1.43+dfsg1-1+deb13u11
8:7.1.1.46+dfsg1-1
8:7.1.1.47+dfsg1-1
8:7.1.1.47+dfsg1-2
8:7.1.2.1+dfsg1-1
8:7.1.2.3+dfsg1-1
8:7.1.2.7+dfsg1-1
8:7.1.2.8+dfsg1-1
8:7.1.2.12+dfsg1-1
8:7.1.2.13+dfsg1-1
8:7.1.2.15+dfsg1-1
8:7.1.2.15+dfsg1-2
8:7.1.2.16+dfsg1-1
8:7.1.2.18+dfsg1-1
8:7.1.2.19+dfsg1-1
8:7.1.2.21+dfsg1-1
8:7.1.2.23+dfsg1-1
8:7.1.2.24+dfsg1-1
8:7.1.2.25+dfsg1-1
8:7.1.2.25+dfsg1-2
8:7.1.2.26+dfsg1-1
8:7.1.2.27+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-56366.json"

Debian:14 / imagemagick

Package

Name
imagemagick
Purl
pkg:deb/debian/imagemagick?arch=source&distro=forky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8:7.1.2.18+dfsg1-1

Affected versions

8:7.*
8:7.1.1.43+dfsg1-1
8:7.1.1.46+dfsg1-1
8:7.1.1.47+dfsg1-1
8:7.1.1.47+dfsg1-2
8:7.1.2.1+dfsg1-1
8:7.1.2.3+dfsg1-1
8:7.1.2.7+dfsg1-1
8:7.1.2.8+dfsg1-1
8:7.1.2.12+dfsg1-1
8:7.1.2.13+dfsg1-1
8:7.1.2.15+dfsg1-1
8:7.1.2.15+dfsg1-2
8:7.1.2.16+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-56366.json"