CVE-2026-61857
Severity CVSS v4.0:
MEDIUM
Type:
Unavailable / Other
Publication date:
11/07/2026
Last modified:
11/07/2026
Description
ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious image files with specially crafted XMP data to trigger the vulnerability and cause application crashes.
Impact
Base Score 4.0
6.30
Severity 4.0
MEDIUM
Base Score 3.x
3.70
Severity 3.x
LOW



