CVE-2026-61866 PUBLISHED

ImageMagick before 7.1.2-26 Memory Leak in JNG encoder

Assigner: VulnCheck
Reserved: 10.07.2026 Published: 15.07.2026 Updated: 15.07.2026

ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the JNG encoder when a blob cannot be opened. Attackers can trigger the memory leak by providing malformed JNG files that fail blob operations, causing resource exhaustion.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
CVSS Score: 2.1

Product Status

Vendor ImageMagick
Product ImageMagick
Versions Default: unaffected
  • affected from 0 to 7.1.2-26 (excl.)
  • Version 7.1.2-26 is unaffected

References

Problem Types

  • Missing Release of Memory after Effective Lifetime CWE