CVE-2026-61870
ImageMagick Analyse et atténuation des vulnérabilités

Aperçu

CVE-2026-61870 is a memory leak vulnerability in ImageMagick's VIFF (Visualization Image File Format) encoder that can lead to denial of service. When memory allocation fails during VIFF image encoding, allocated memory is not properly released, allowing attackers to exhaust available system memory by processing specially crafted VIFF images. The vulnerability affects ImageMagick versions before 7.1.2-26 and before 6.9.13-51. It was published on July 11, 2026, with a CVSS v3.1 base score of 2.9 (Low) and a CVSS v4.0 base score of 2.1 (Low) (GitHub Advisory, ImageMagick Advisory).

Détails techniques

The root cause is classified under CWE-401 (Missing Release of Memory after Effective Lifetime) and CWE-772 (Missing Release of Resource after Effective Lifetime): when a memory allocation fails within the VIFF encoder code path, the error-handling logic does not properly free previously allocated memory before returning (ImageMagick Advisory, GitHub Advisory). The attack vector is local (AV:L) with high attack complexity (AC:H) and requires specific attack prerequisites (AT:P), meaning an attacker must be able to supply a specially crafted VIFF image to an ImageMagick process. No privileges are required and no user interaction beyond the image processing operation is needed. No public proof-of-concept or technical write-up detailing the precise code location has been published at this time (Feedly).

Impact

Successful exploitation results in a low-severity availability impact: an attacker can cause memory exhaustion in the ImageMagick process, potentially crashing the service or degrading system performance. There is no impact on confidentiality or integrity, and the scope is unchanged, meaning the vulnerability does not enable lateral movement or privilege escalation beyond the affected ImageMagick instance (ImageMagick Advisory, Red Hat Bugzilla). Systems that automatically process user-supplied images (e.g., web applications using ImageMagick for image conversion) may be at higher risk of repeated exploitation leading to sustained denial of service.

Étapes d’exploitation

  1. Identify target: Locate a system running ImageMagick versions prior to 7.1.2-26 (or 6.9.13-51 for the 6.x branch) that processes VIFF image files, particularly services that accept user-supplied images for conversion or processing.
  2. Craft malicious VIFF image: Create a specially crafted VIFF image file designed to trigger memory allocation failures within the VIFF encoder code path during processing.
  3. Submit image for processing: Supply the crafted VIFF file to the target ImageMagick instance, either directly via command-line access or through an application that passes user-supplied files to ImageMagick (e.g., a web-based image upload/conversion service).
  4. Trigger memory leak: Each time ImageMagick processes the crafted image and encounters the allocation failure, memory is leaked rather than freed. Repeated submissions cause progressive memory exhaustion.
  5. Achieve denial of service: Continued processing of crafted images exhausts available system memory, causing the ImageMagick process or dependent service to crash or become unresponsive (ImageMagick Advisory, Red Hat Bugzilla).

Indicateurs de compromis

  • Process: Abnormal memory growth in the ImageMagick process (convert, magick) over time, particularly when processing VIFF-format files; repeated process crashes or OOM (out-of-memory) kills related to ImageMagick.
  • Logs: System logs (e.g., /var/log/syslog, /var/log/messages) showing OOM killer events targeting ImageMagick processes; application logs showing repeated failures or errors during VIFF image processing.
  • File System: Presence of unusual or malformed .viff or .vif files in directories used for image upload or processing queues.
  • Network: If ImageMagick is invoked via a web service, repeated HTTP requests submitting VIFF-format files to image processing endpoints from the same or rotating source IPs (Red Hat Bugzilla, ImageMagick Advisory).

Atténuation et solutions de contournement

Upgrade ImageMagick to version 7.1.2-26 or later (for the 7.x branch) or 6.9.13-51 or later (for the 6.x branch), which contain the fix for this memory leak (ImageMagick Advisory). As a workaround where upgrading is not immediately possible, restrict ImageMagick from processing VIFF image files by configuring ImageMagick's policy.xml to deny the VIFF format, or limit image processing to trusted sources only. Monitoring system memory usage during image processing operations can help detect potential exploitation attempts (Feedly).

Réactions de la communauté

The vulnerability received routine coverage from vulnerability tracking services and aggregators shortly after disclosure on July 11, 2026, including entries on VulnDB, CVEFeed, and INCIBE-CERT (Feedly). Red Hat opened a Bugzilla tracking entry and classified the issue as low severity (Red Hat Bugzilla). No notable researcher commentary, vendor statements beyond the official advisory, or significant social media discussion has been observed, consistent with the low severity rating of this vulnerability.

Ressources additionnelles


SourceCe rapport a été généré à l’aide de l’IA

Apparenté ImageMagick Vulnérabilités:

Identifiant CVE

Sévérité

Score

Technologies

Nom du composant

Exploit CISA KEV

A corrigé

Date de publication

CVE-2026-61861MEDIUM6.3
  • ImageMagick logoImageMagick
  • ImageMagick-c++
NonOuiJul 11, 2026
CVE-2026-61857MEDIUM6.3
  • ImageMagick logoImageMagick
  • cpe:2.3:a:imagemagick:imagemagick
NonOuiJul 11, 2026
CVE-2026-61858MEDIUM4.8
  • ImageMagick logoImageMagick
  • ImageMagick-devel
NonOuiJul 11, 2026
CVE-2026-61465MEDIUM4.8
  • ImageMagick logoImageMagick
  • cpe:2.3:a:imagemagick:imagemagick
NonOuiJul 11, 2026
CVE-2026-61870LOW2.1
  • ImageMagick logoImageMagick
  • ImageMagick
NonOuiJul 11, 2026

Évaluation gratuite des vulnérabilités

Évaluez votre posture de sécurité dans le cloud

Évaluez vos pratiques de sécurité cloud dans 9 domaines de sécurité pour évaluer votre niveau de risque et identifier les failles dans vos défenses.

Demander une évaluation

Obtenez une démo personnalisée

Prêt(e) à voir Wiz en action ?

"La meilleure expérience utilisateur que j’ai jamais vue, offre une visibilité totale sur les workloads cloud."
David EstlickRSSI
"Wiz fournit une interface unique pour voir ce qui se passe dans nos environnements cloud."
Adam FletcherChef du service de sécurité
"Nous savons que si Wiz identifie quelque chose comme critique, c’est qu’il l’est réellement."
Greg PoniatowskiResponsable de la gestion des menaces et des vulnérabilités