« List of all CVEs

CVE-2026-61861

ImageMagick before 7.1.2-26 Use-After-Free in FormatMagickCaption

Published: 7/11/2026 Last updated: 7/13/2026 Reserved: 7/10/2026

ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory allocation fails. Attackers can trigger memory allocation failures to cause a dangling pointer to reference freed memory, potentially enabling denial of service or code execution.

CNA assigner: VulnCheck (83251b91-4cc7-4094-a5c7-464a1b83ea10) Requested by: n/a

Metrics

Version Score Severity Vector String
4.0 6.3 Medium CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3.1 3.7 Low CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Opam packages affected (2)

conf-libMagickCore ocsigen-start

Products affected (4)

Product Vendor Version
ImageMagick ImageMagick < publication
ImageMagick ImageMagick < publication
ImageMagick ImageMagick < 6.1.6
ImageMagick ImageMagick 2.8.3 and prior versions in addition to 2.9.5

References (4)

Credits (2)