CVE-2026-56364 PUBLISHED

ImageMagick - Memory Leak in LoadOpenCLDeviceBenchmark() via Malformed XML

Assigner: VulnCheck
Reserved: 20.06.2026 Published: 30.06.2026 Updated: 01.07.2026

ImageMagick before 7.1.2-13 contains a memory leak vulnerability in the LoadOpenCLDeviceBenchmark() function when it parses malformed OpenCL device profile XML files with unclosed device elements. Attackers with write access to the OpenCL cache directory can place malicious XML files there to exhaust memory and cause a denial of service.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
CVSS Score: 1.8

Product Status

Vendor ImageMagick
Product ImageMagick
Versions Default: unaffected
  • affected from 0 to 7.1.2-13 (excl.)
  • Version 7.1.2-13 is unaffected

Credits

  • Keryer reporter

Problem Types

  • Missing Release of Memory after Effective Lifetime CWE