Wiz
Base de données de vulnérabilitésCVE-2026-56368

CVE-2026-56368
C# Analyse et atténuation des vulnérabilités

Aperçu

CVE-2026-56368 is a memory leak vulnerability in ImageMagick affecting multiple coders that write raw pixel data, where allocated objects are not properly freed after use. It affects ImageMagick versions before 7.1.2-15 (7.x branch) and before 6.9.13-40 (6.x branch). The vulnerability was published on June 24, 2026, and was originally disclosed via a GitHub Security Advisory (GHSA-wfx3-6g53-9fgc) credited to researcher ylwango613. It carries a CVSS v3.1 base score of 3.7 (Low) and a CVSS v4.0 base score of 6.3 (Medium) (GitHub Advisory, VulnCheck).

Détails techniques

The vulnerability is classified as CWE-401 (Missing Release of Memory after Effective Lifetime), where memory allocated during raw pixel data writing operations in multiple ImageMagick coders is never freed. Specifically, a direct leak of 160 bytes in one object has been identified as allocated but not released during the affected coder operations. An attacker can trigger this leak by submitting a specially crafted image file for processing — no authentication or user interaction is required, though exploitation requires high attack complexity (e.g., specific conditions or timing). The attack vector is network-based, meaning the vulnerability can be triggered remotely wherever ImageMagick processes user-supplied images (GitHub Advisory).

Impact

Successful exploitation causes gradual memory exhaustion on the affected host, ultimately resulting in a denial of service condition. There is no impact on confidentiality or integrity — the vulnerability is limited to availability. In environments where ImageMagick processes high volumes of user-supplied images (e.g., web applications, media pipelines), repeated triggering of the leak could degrade or crash the service over time (GitHub Advisory, VulnCheck).

Atténuation et solutions de contournement

Users should upgrade to ImageMagick 7.1.2-15 or later (for the 7.x branch) or 6.9.13-40 or later (for the 6.x branch), which contain the fix for this memory leak. No configuration-based workarounds have been published. As an interim measure, operators can limit or sandbox ImageMagick's processing of untrusted images to reduce exposure until patching is feasible (GitHub Advisory, VulnCheck).

Ressources additionnelles

SourceCe rapport a été généré à l’aide de l’IA

Apparenté C# Vulnérabilités:

Identifiant CVE

Sévérité

Score

Technologies

Nom du composant

Exploit CISA KEV

A corrigé

Date de publication

CVE-2026-48109HIGH8.2
  • C#C#
  • MessagePack
NonOuiJun 22, 2026
CVE-2026-54784HIGH7.4
  • C#C#
  • CoreWCF.Primitives
NonOuiJun 19, 2026
CVE-2026-54783HIGH7.4
  • C#C#
  • CoreWCF.Primitives
NonOuiJun 19, 2026
CVE-2026-56370NONEN/A
  • C#C#
  • Magick.NET-Q8-OpenMP-x64
NonOuiJun 25, 2026
CVE-2026-56368NONEN/A
  • C#C#
  • imagemagick
NonOuiJun 25, 2026

Évaluation gratuite des vulnérabilités

Évaluez votre posture de sécurité dans le cloud

Évaluez vos pratiques de sécurité cloud dans 9 domaines de sécurité pour évaluer votre niveau de risque et identifier les failles dans vos défenses.

Demander une évaluation

Ressources Wiz supplémentaires

PEACH

PEACH

Un cadre d’isolation des locataires

Obtenez une démo personnalisée

Prêt(e) à voir Wiz en action ?

"La meilleure expérience utilisateur que j’ai jamais vue, offre une visibilité totale sur les workloads cloud."
David EstlickRSSI
"Wiz fournit une interface unique pour voir ce qui se passe dans nos environnements cloud."
Adam FletcherChef du service de sécurité
"Nous savons que si Wiz identifie quelque chose comme critique, c’est qu’il l’est réellement."
Greg PoniatowskiResponsable de la gestion des menaces et des vulnérabilités
Demander une démo