Memory leak in ImageMagick - #VU135678

 

Memory leak in ImageMagick - #VU135678

Published: June 29, 2026


Vulnerability identifier: #VU135678
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-401
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: ImageMagick.org
Affected software:
ImageMagick

Detailed vulnerability description

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to missing release of memory after effective lifetime in the color transformation to log colorspace operation when transforming an image to the log colorspace and the operation fails. A remote attacker can trigger a failed image transformation to cause a denial of service.


Remediation

Install security update from vendor's website.

Sources