<Vulnerability name="CVE-2026-56365">
    <DocumentDistribution xml:lang="en">Copyright © 2012 Red Hat, Inc. All rights reserved.</DocumentDistribution>
    <ThreatSeverity>Low</ThreatSeverity>
    <PublicDate>2026-06-30T22:08:38</PublicDate>
    <Bugzilla id="2495448" url="https://bugzilla.redhat.com/show_bug.cgi?id=2495448" xml:lang="en:us">
Magick.NET-Q16-AnyCPU: Magick.NET-Q16-HDRI-AnyCPU: Magick.NET-Q16-HDRI-OpenMP-arm64: Magick.NET-Q16-HDRI-arm64: Magick.NET-Q16-HDRI-x64: Magick.NET-Q16-HDRI-x86: Magick.NET-Q16-OpenMP-arm64: Magick.NET-Q16-OpenMP-x64: Magick.NET-Q16-arm64: Magick.NET-Q16-x64: Magick.NET-Q16-x86: Magick.NET-Q16-HDRI-OpenMP-x64: Magick.NET-Q8-AnyCPU: Magick.NET-Q8-OpenMP-arm64: Magick.NET-Q8-OpenMP-x64: Magick.NET-Q8-arm64: Magick.NET-Q8-x64: Magick.NET-Q8-x86: ImageMagick: Denial of Service due to memory leak in PNG encoder when processing MNG images
    </Bugzilla>
    <CVSS3 status="draft">
        <CVSS3BaseScore>3.7</CVSS3BaseScore>
        <CVSS3ScoringVector>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L</CVSS3ScoringVector>
    </CVSS3>
    <CWE>CWE-401</CWE>
    <Details xml:lang="en:us" source="Mitre">
ImageMagick before 7.1.2-19 contains a memory leak vulnerability in the PNG encoder when writing MNG images. Attackers can trigger the encoder failure condition to exhaust memory resources and cause denial of service.
    </Details>
    <Details xml:lang="en:us" source="Red Hat">
A flaw was found in ImageMagick. A remote attacker could exploit a memory leak vulnerability in the Portable Network Graphics (PNG) encoder when it fails to write Multiple-image Network Graphics (MNG) images. This flaw allows attackers to exhaust memory resources, leading to a denial of service (DoS) condition. This issue is categorized as a memory leak (CWE-401).
    </Details>
    <Statement xml:lang="en:us">
This Low impact memory leak in ImageMagick's PNG encoder, when processing Multiple-image Network Graphics (MNG) images, could lead to a denial of service. While the flaw can exhaust system memory, it requires an application to process a specially crafted MNG image, limiting the attack surface in typical Red Hat deployments.
    </Statement>
    <Mitigation xml:lang="en:us">
To mitigate this use system controls (such as ulimit or container memory limits) to strictly cap the memory available to the ImageMagick process. This prevents a leak from crashing the wider system.
    </Mitigation>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:6">
        <ProductName>Red Hat Enterprise Linux 6</ProductName>
        <FixState>Out of support scope</FixState>
        <PackageName>ImageMagick</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:7">
        <ProductName>Red Hat Enterprise Linux 7</ProductName>
        <FixState>Out of support scope</FixState>
        <PackageName>ImageMagick</PackageName>
    </PackageState>
    <References xml:lang="en:us">
https://www.cve.org/CVERecord?id=CVE-2026-56365
https://nvd.nist.gov/vuln/detail/CVE-2026-56365
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-x928-4434-crqj
https://www.vulncheck.com/advisories/imagemagick-memory-leak-in-png-encoder-via-mng-image-writing
    </References>
</Vulnerability>