
PEACH
Un cadre d’isolation des locataires
CVE-2026-61465 is a denial-of-service vulnerability in ImageMagick caused by a missing memory allocation limit check in matrix-backed image processing operations such as -canny. Affected versions include ImageMagick before 7.1.2-26 (7.x branch) and before 6.9.13-51 (6.9.x branch). The vulnerability was published on July 11, 2026, with the original security advisory (GHSA-rvhp-75f6-9jqh) credited to reporter rexpository and published by maintainer dlemstra on June 26, 2026. It carries a CVSS v3.1 base score of 3.3 (Low) and a CVSS v4.0 base score of 4.8 (Medium) (GitHub Advisory, ImageMagick Advisory, Red Hat Bugzilla).
The root cause is classified as CWE-770 (Allocation of Resources Without Limits or Throttling), with additional weaknesses noted as CWE-284 (Improper Access Control) and CWE-400 (Uncontrolled Resource Consumption). Matrix-backed operations in ImageMagick — such as the -canny edge detection filter — fail to enforce the memory allocation limits defined in the application's security policy, allowing unbounded memory allocation during image processing. An attacker exploits this by supplying a specially crafted image file that, when processed by a vulnerable ImageMagick instance, triggers excessive memory allocation beyond the configured policy ceiling. Exploitation requires local access and user interaction (i.e., a user or automated process must open or process the malicious image) (ImageMagick Advisory, GitHub Advisory).
Successful exploitation results in a denial-of-service condition, causing ImageMagick to exhaust available system memory and become unresponsive or crash. There is no impact on confidentiality or data integrity — the vulnerability is limited to availability. Systems that use ImageMagick for automated image processing pipelines (e.g., web applications, media servers) are at elevated risk if they process untrusted user-supplied images (ImageMagick Advisory, Red Hat Bugzilla).
-canny.convert malicious.png -canny 0x1+10%+30% output.png), which bypasses the configured memory allocation policy.convert, magick) consuming abnormally high memory when processing specific image files, particularly those invoking -canny or other matrix-backed operations./var/log/syslog, dmesg) showing OOM (Out of Memory) killer events triggered by ImageMagick processes; application logs showing ImageMagick crashes or unexpected terminations.Upgrade ImageMagick to version 7.1.2-26 or later (7.x branch) or 6.9.13-51 or later (6.9.x branch) to remediate the vulnerability. As interim mitigations, enforce OS-level memory limits on ImageMagick processes using tools such as ulimit or cgroups to constrain maximum memory usage. Restrict access to ImageMagick processing capabilities to trusted users or processes where possible, and avoid processing untrusted user-supplied images with matrix-backed operations until patched (ImageMagick Advisory, Red Hat Bugzilla).
The vulnerability received routine coverage across vulnerability tracking platforms including VulnDB, VulnCheck, INCIBE-CERT, and OSV shortly after disclosure. Red Hat opened a tracking bug (BZ#2499374) and classified it as medium severity. No notable researcher commentary or significant community discussion has been observed beyond standard vulnerability database entries (Red Hat Bugzilla).
Source: Ce rapport a été généré à l’aide de l’IA
Évaluation gratuite des vulnérabilités
Évaluez vos pratiques de sécurité cloud dans 9 domaines de sécurité pour évaluer votre niveau de risque et identifier les failles dans vos défenses.
Obtenez une démo personnalisée
"La meilleure expérience utilisateur que j’ai jamais vue, offre une visibilité totale sur les workloads cloud."
"Wiz fournit une interface unique pour voir ce qui se passe dans nos environnements cloud."
"Nous savons que si Wiz identifie quelque chose comme critique, c’est qu’il l’est réellement."