CVE-2026-61866 in ImageMagickinfo

Summary

by MITRE • 07/15/2026

ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the JNG encoder when a blob cannot be opened. Attackers can trigger the memory leak by providing malformed JNG files that fail blob operations, causing resource exhaustion.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 07/15/2026

The vulnerability in ImageMagick versions prior to 7.1.2-26 represents a critical memory leak flaw within the JNG (JPEG Network Graphics) encoder component that poses significant operational risks to systems processing image data. This issue specifically manifests when the system attempts to handle malformed JNG files that cannot be properly opened as blobs, creating a condition where allocated memory resources are not appropriately released back to the system. The root cause stems from inadequate error handling mechanisms within the blob operation processing pipeline, where failure states do not trigger proper resource cleanup procedures. This memory leak vulnerability falls under the CWE-401 category of Unreleased Resource, specifically representing a memory leak that occurs during abnormal file processing conditions.

The operational impact of this vulnerability extends beyond simple resource consumption issues to potentially enable denial of service attacks against systems that process JNG images. When attackers craft malicious JNG files that deliberately fail blob operations, the system enters a state where memory allocated for processing these malformed inputs remains unreleased, gradually consuming available system resources until the application becomes unresponsive or crashes entirely. This exploitation pattern aligns with ATT&CK technique T1499.004 which describes resource exhaustion attacks targeting application memory management. The vulnerability is particularly concerning in environments where ImageMagick serves as a backend processing component for web applications, file upload systems, or automated image handling workflows, as these scenarios provide multiple attack vectors for malicious input delivery.

Systems utilizing ImageMagick for image processing operations face substantial risk when operating with vulnerable versions, as the memory leak can compound over time and potentially lead to complete system degradation. The vulnerability's exploitation requires minimal sophistication from attackers who only need to craft specific malformed JNG files that trigger the blob opening failure condition. Organizations should prioritize immediate patching to version 7.1.2-26 or later, which includes proper resource cleanup mechanisms for failed blob operations. Additional mitigations include implementing strict input validation and sanitization before image processing, deploying rate limiting on file upload operations, and configuring memory monitoring systems to detect unusual resource consumption patterns. Network-level controls such as content inspection appliances can also help filter potentially malicious JNG files before they reach vulnerable ImageMagick instances. The fix implemented in the patched version demonstrates proper error handling practices that ensure all allocated resources are released regardless of whether blob operations succeed or fail, addressing the underlying memory management flaw that enabled this persistent resource leak condition.

Responsible

VulnCheck

Reservation

07/10/2026

Disclosure

07/15/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!