CVE-2026-56371

ImageMagick - Memory Leak in TXT File Processing via Texture Attribute

Published: 6/23/2026 Last updated: 6/24/2026 Reserved: 6/21/2026

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is processed.

CNA assigner: VulnCheck (83251b91-4cc7-4094-a5c7-464a1b83ea10) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
4.0	0	No	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N
3.1	0	No	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Opam packages affected (2)

conf-libMagickCore ocsigen-start

Products affected (4)

Product	Vendor	Version
ImageMagick	ImageMagick	Service Pack 2
ImageMagick	ImageMagick	Service Pack 1
ImageMagick	ImageMagick	<= 1.4.0
ImageMagick	ImageMagick	= 7.21

References (4)

Credits (2)

2 unbengable12
2 unbengable12