CVE-2026-61865 in ImageMagickinfo

Summary

by MITRE • 07/15/2026

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the hough lines operation: when a specific operation fails, a small memory leak occurs.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 07/15/2026

The vulnerability in ImageMagick affects versions prior to 7.1.2-26 and 6.9.13-51, specifically within the hough lines operation functionality. This memory leak represents a subtle but significant security concern that can impact system stability and resource availability over time. The flaw manifests when a specific operation within the hough lines processing fails, resulting in small memory allocations that are not properly released back to the system. This type of vulnerability falls under the category of memory management issues and can be classified as a CWE-401: Improper Release of Memory Before Next Refusal.

The hough lines algorithm is commonly used for detecting lines in images and is particularly valuable in computer vision applications, document analysis, and image processing workflows. When this operation fails during execution, the memory leak occurs because the system does not properly clean up allocated resources that were meant to be released after the failed operation. The cumulative effect of these small leaks can lead to progressive memory consumption, potentially causing denial of service conditions when the application runs continuously or processes multiple images in succession.

From an operational standpoint, this vulnerability poses a risk to systems that rely heavily on ImageMagick for image processing tasks, particularly those running in server environments or automated workflows. The memory leak may not be immediately apparent during single operations but can accumulate over time, especially in applications that process large volumes of images or run for extended periods without restarts. This behavior aligns with ATT&CK technique T1499.004: Network Denial of Service, as the progressive memory consumption can eventually lead to system resource exhaustion and service disruption.

The impact extends beyond simple resource waste to potentially compromise system availability and application performance. In high-throughput environments where ImageMagick is used extensively, these memory leaks can compound and eventually cause application crashes or system instability. The vulnerability demonstrates poor resource management practices within the image processing pipeline, suggesting that proper error handling and resource cleanup mechanisms were not adequately implemented for the hough lines operation.

Mitigation strategies should focus on immediate patching to the latest versions of ImageMagick where this memory leak has been addressed through improved resource management and proper cleanup procedures. Organizations should also implement monitoring systems to track memory usage patterns in applications that utilize ImageMagick, allowing for early detection of potential memory exhaustion issues. Additionally, input validation and sanitization measures can help prevent malicious actors from triggering the vulnerable code paths through crafted image files designed to force the specific failure condition that leads to the memory leak.

Responsible

VulnCheck

Reservation

07/10/2026

Disclosure

07/15/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!