LiveActive security incident?Get immediate response
CVE Record

CVE-2026-61465: ImageMagick before 7.1.2-26 Memory Allocation Policy Bypass

ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed operations such as -canny. An attacker can supply a crafted image that causes ImageMagick to allocate more memory than permitted by the configured policy, resulting in a denial of service.

MediumCVSS 4.8Not KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

ImageMagick can be made to ignore its configured memory allocation limit during certain image operations. A crafted image can force extra memory use and cause denial of service. The issue is not described as data theft or code execution, but it can disrupt services that process untrusted images.

Executive priority

Treat as a service reliability risk for image-processing systems, not a breach-class issue based on current sources. Prioritize patching internet-facing or customer-upload workflows first, then internal batch processing.

Technical view

ImageMagick before 7.1.2-26 and 6.9.13-51 lacks an allowed-memory-limit check in matrix-backed operations such as -canny. This is classified as CWE-770 and has CVSS 4.0 score 4.8. The reported impact is availability loss through excessive memory allocation beyond policy limits.

Likely exposure

Exposure is highest in applications, batch jobs, or APIs that process user-supplied images with vulnerable ImageMagick versions, especially workflows using affected matrix-backed operations. Systems using ImageMagick only on trusted images have lower practical exposure.

Exploitation context

The source bundle reports crafted-image denial of service. It does not cite active exploitation, and KEV status is false. The CVSS vector indicates low attack complexity, no privileges, local attack vector, and user interaction required.

Researcher notes

Evidence supports a memory allocation policy bypass in ImageMagick matrix-backed operations. Sources name denial of service only. No exploit status, workaround details, or broader affected products are provided beyond ImageMagick versions listed in the bundle.

Mitigation direction

  • Upgrade ImageMagick to 7.1.2-26, 6.9.13-51, or later where applicable.
  • Check the ImageMagick advisory for version-specific remediation guidance.
  • Limit processing of untrusted images until patched.
  • Apply process memory and workload isolation controls around image processing services.

Validation and detection

  • Inventory ImageMagick versions across hosts, containers, and build images.
  • Identify services that accept or transform untrusted image files.
  • Confirm whether affected matrix-backed operations are reachable in production workflows.
  • Verify upgraded systems report fixed ImageMagick versions.
  • Review monitoring for memory exhaustion or image-processing denial-of-service events.
Prepared
Confidence
high
Sources
4

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · low confidence lookup

CWE-770: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2026-61465 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Medium
CVSS
4.8 (4.0)
Known Exploited
No
Published

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

2CVSS vectors
3Timeline events
1ADP providers
3Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

CVSS vector scores

2 official scores

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
4.8CVSS 4.0MediumCVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:NVulnCheck
3.3CVSS 3.1LowCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L1.81.4VulnCheck

Vulnerability scoring details

Base CVSS 4.0 score

4.8Medium
CVSS 4.0 vector shape for CVE-2026-61465Attack VectorAttack ComplexityAttack RequirementsPrivileges RequiredUser InteractionVS ConfidentialityVS IntegrityVS AvailabilitySS ConfidentialitySS IntegritySS Availability

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Attack Requirements
NonePresent
Privileges Required
NoneLowHigh
User Interaction
NonePassiveActive
VS Confidentiality
HighLowNone
VS Integrity
HighLowNone
VS Availability
HighLowNone
SS Confidentiality
HighLowNone
SS Integrity
HighLowNone
SS Availability
HighLowNone

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
ImageMagickImageMagick0, 7.1.2-26unaffected
ImageMagickImageMagick0, 6.9.13-51unaffected
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.

CWE-770 · source CWE mapping

Allocation of Resources Without Limits or Throttling

Allocation of Resources Without Limits or Throttling represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.