ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the JNG encoder when a blob cannot be opened. Attackers can trigger the memory leak by providing malformed JNG files that fail blob operations, causing resource exhaustion.

Project Subscriptions

Vendors Products
Imagemagick Subscribe
Imagemagick Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 16 Jul 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-772
References
Metrics threat_severity

None

threat_severity

Low


Wed, 15 Jul 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 15 Jul 2026 12:00:00 +0000

Type Values Removed Values Added
Description ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the JNG encoder when a blob cannot be opened. Attackers can trigger the memory leak by providing malformed JNG files that fail blob operations, causing resource exhaustion.
Title ImageMagick before 7.1.2-26 Memory Leak in JNG encoder
First Time appeared Imagemagick
Imagemagick imagemagick
Weaknesses CWE-401
CPEs cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
Vendors & Products Imagemagick
Imagemagick imagemagick
References
Metrics cvssV3_1

{'score': 2.9, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L'}

cvssV4_0

{'score': 2.1, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-07-15T17:54:18.204Z

Reserved: 2026-07-10T21:53:55.769Z

Link: CVE-2026-61866

cve-icon Vulnrichment

Updated: 2026-07-15T17:54:14.140Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Low

Publid Date: 2026-07-15T11:25:51Z

Links: CVE-2026-61866 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-07-15T21:00:05Z

Weaknesses