CVE Vulnerabilities

CVE-2026-61857

Unchecked Return Value

Published: Jul 11, 2026 | Modified: Jul 11, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
6.5 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious image files with specially crafted XMP data to trigger the vulnerability and cause application crashes.

Weakness

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

Affected Software

NameVendorStart VersionEnd Version
ImagemagickUbuntuupstream*

Potential Mitigations

References