CVE-2026-61862 PUBLISHED

ImageMagick before 7.1.2-26 Information Disclosure via identify

Assigner: VulnCheck
Reserved: 10.07.2026 Published: 15.07.2026 Updated: 15.07.2026

ImageMagick before 7.1.2-26 and 6.9.13-51 contains an information disclosure vulnerability: when a profile is displayed with the identify command and the profile value is not printable, a single byte at the end of the profile can be printed (read past the profile boundary). This behavior occurs when debug output is enabled.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CVSS Score: 2.1

Product Status

Vendor ImageMagick
Product ImageMagick
Versions Default: unaffected
  • affected from 0 to 7.1.2-26 (excl.)
  • Version 7.1.2-26 is unaffected
Vendor ImageMagick
Product ImageMagick
Versions Default: unaffected
  • affected from 0 to 6.9.13-51 (excl.)
  • Version 6.9.13-51 is unaffected

Credits

  • Bin-infinite reporter

References

Problem Types

  • Out-of-bounds Read CWE