PatchSiren cyber security CVE debrief
CVE-2026-61866 ImageMagick CVE debrief
A low-severity vulnerability was found in ImageMagick before version 7.1.2-26, which can cause a memory leak when handling malformed JNG files. The vulnerability has a CVSS score of 2.1 and is classified as CWE-401. The vulnerability affects the JNG encoder and can be triggered by providing malformed JNG files that fail blob operations, causing resource exhaustion. Users of ImageMagick before version 7.1.2-26 should be aware of this vulnerability and take steps to mitigate it. The vulnerability was reported by an unknown source, and its severity is low, but users should still take steps to mitigate the vulnerability.
- Vendor
- ImageMagick
- Product
- Unknown
- CVSS
- LOW 2.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-15
- Original CVE updated
- 2026-07-16
- Advisory published
- 2026-07-15
- Advisory updated
- 2026-07-16
Who should care
Users of ImageMagick before version 7.1.2-26 should be aware of this vulnerability and take steps to mitigate it. The vulnerability affects operators who use ImageMagick, platform administrators who manage ImageMagick deployments, and security teams who monitor vulnerability disclosures. Users should review their deployments and assess their exposure to this vulnerability.
Technical summary
The vulnerability is caused by a memory leak in the JNG encoder when a blob cannot be opened. Attackers can trigger the memory leak by providing malformed JNG files that fail blob operations, causing resource exhaustion. The vulnerability affects ImageMagick before version 7.1.2-26 and has a CVSS score of 2.1, indicating a low severity. The vulnerability is classified as CWE-401, and users should review official advisories for affected scope and vendor guidance.
Defensive priority
Low priority, but users should still take steps to mitigate the vulnerability. Users should review official advisories and assess their exposure to this vulnerability.
Recommended defensive actions
- Update ImageMagick to version 7.1.2-26 or later
- Validate and sanitize JNG files before processing
- Monitor system resources for potential memory exhaustion
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The vulnerability was reported by an unknown source and is classified as CWE-401. The CVSS score is 2.1, indicating a low severity. The vulnerability affects ImageMagick before version 7.1.2-26 and can cause a memory leak when handling malformed JNG files. The memory leak occurs in the JNG encoder when a blob cannot be opened, and attackers can trigger it by providing malformed JNG files that fail blob operations, causing resource exhaustion. Users should verify their deployments and review official advisories for affected scope and vendor guidance.
Official resources
-
CVE-2026-61866 CVE record
CVE.org
-
CVE-2026-61866 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-15T12:18:21.673Z and has not been modified since then.