ImageMagick < 6.9.13-40 / 7.x < 7.1.2-15 Multiple Vulnerabilities

medium Nessus Plugin ID 322795

Synopsis

The remote host has an application installed that is affected by multiple vulnerabilities.

Description

The remote host has a version of ImageMagick installed that is prior to 6.9.13-40 or 7.x prior to 7.1.2-15. It is, therefore, affected by multiple vulnerabilities:

- ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is processed. (CVE-2026-56371)

- ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbitrary MVG drawing commands. Attackers can craft malicious SVG files with injected Magick Vector Graphics commands that execute during rendering. (CVE-2026-56379)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to ImageMagick version 6.9.13-40 / 7.1.2-15 or later.
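
To confirm an upgrade took effect, the same self-reported-version comparison can be run locally. The following is an added example, not the plugin's own code: the function names are hypothetical, and it assumes the banner printed by `magick -version` or `convert -version` has the form `ImageMagick X.Y.Z-N`.

```python
import re

# Fixed releases named in the Solution above, one per maintained branch.
FIXED_6 = (6, 9, 13, 40)
FIXED_7 = (7, 1, 2, 15)

# Matches "ImageMagick 7.1.2-14"; the "-N" patch level is optional.
_BANNER = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)(?:-(\d+))?")


def parse_version(banner):
    """Return (major, minor, micro, patch) as ints, or None if no version is found."""
    m = _BANNER.search(banner)
    if m is None:
        return None
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def is_affected(banner):
    """True if the version is below the fixed release for its branch.

    Returns None when the banner cannot be parsed, so a caller never
    mistakes "unknown" for "patched".
    """
    version = parse_version(banner)
    if version is None:
        return None
    # 7.x is compared against 7.1.2-15; everything older against 6.9.13-40.
    fixed = FIXED_7 if version[0] >= 7 else FIXED_6
    # Integer tuples compare numerically, so 7.1.2-9 < 7.1.2-15 holds
    # (a plain string comparison would get this wrong).
    return version < fixed


if __name__ == "__main__":
    # Constructed sample banners, not output captured from real hosts.
    samples = [
        "Version: ImageMagick 7.1.2-9 Q16-HDRI x86_64 https://imagemagick.org",
        "Version: ImageMagick 7.1.2-15 Q16-HDRI x86_64 https://imagemagick.org",
        "Version: ImageMagick 6.9.13-39 Q16 x86_64 https://imagemagick.org",
        "Version: ImageMagick 6.9.13-40 Q16 x86_64 https://imagemagick.org",
    ]
    for line in samples:
        print(is_affected(line), line)
```

Like the plugin, this trusts the version the binary reports and does not exercise the TXT or SVG coders.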

See Also

http://www.nessus.org/u?a3e9c216

http://www.nessus.org/u?ee558204

Plugin Details

Severity: Medium

ID: 322795

File Name: imagemagick_CVE-2026-56371.nasl

Version: 1.1

Type: Local

Agent: windows, macosx, unix

Family: Misc.

Published: 6/25/2026

Updated: 6/25/2026

Configuration: Enable thorough checks (optional)

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2026-56371

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CVSS Score Source: CVE-2026-56379

Vulnerability Information

CPE: cpe:/a:imagemagick:imagemagick

Required KB Items: installed_sw/ImageMagick

Patch Publication Date: 2/23/2026

Vulnerability Publication Date: 2/23/2026

Reference Information

CVE: CVE-2026-56371, CVE-2026-56379