CVE-2026-56374
Severity CVSS v4.0:
MEDIUM
Type:
CWE-125
Out-of-bounds Read
Publication date:
08/07/2026
Last modified:
09/07/2026
Description
ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the FTXT encoder due to missing boundary checks when parsing ftxt:format. Remote attackers can trigger an out of bounds read by crafting malicious FTXT image files to cause denial of service or information disclosure.
Impact
Base Score 4.0
4.80
Severity 4.0
MEDIUM
Base Score 3.x
3.30
Severity 3.x
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:* | 7.1.2-19 (excluding) |
To consult the complete list of CPE names with products and versions, see this page



