CVE-2026-56367 ImageMagick - Heap Out-of-Bounds Read in PSB RLE Decoding

🗓️ 21 Jun 2026 13:26:56Reported by VulnCheckType

ImageMagick PSB RLE decoding heap out-of-bounds on 32-bit builds; affected 7.1.2-15 and 6.9.x before 6.9.13-40; may crash.

Reporter	Title	Published	Views	Family All 5
ATTACKERKB	CVE-2026-56367	21 Jun 202613:26	–	attackerkb
CVE	CVE-2026-56367	21 Jun 202613:26	–	cve
EUVD	EUVD-2026-38173	21 Jun 202615:31	–	euvd
NVD	CVE-2026-56367	21 Jun 202614:16	–	nvd
Positive Technologies	PT-2026-51227	21 Jun 202600:00	–	ptsecurity

[
  {
    "vendor": "ImageMagick",
    "product": "ImageMagick",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "versionType": "semver",
        "lessThan": "7.1.2-15"
      },
      {
        "version": "7.1.2-15",
        "status": "unaffected",
        "versionType": "semver"
      }
    ]
  },
  {
    "vendor": "ImageMagick",
    "product": "ImageMagick",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "versionType": "semver",
        "lessThan": "6.9.13-40"
      },
      {
        "version": "6.9.13-40",
        "status": "unaffected",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
github	www.github.com/ImageMagick/ImageMagick/security/advisories/GHSA-273h-m46v-96q4
vulncheck	www.vulncheck.com/advisories/imagemagick-heap-out-of-bounds-read-in-psb-rle-decoding

21 Jun 2026 13:26Current

CVSS 3.13.7

CVSS 46.3

CWE-125