<Vulnerability name="CVE-2026-56377">
    <DocumentDistribution xml:lang="en">Copyright © 2012 Red Hat, Inc. All rights reserved.</DocumentDistribution>
    <ThreatSeverity>Low</ThreatSeverity>
    <PublicDate>2026-06-30T22:08:39</PublicDate>
    <Bugzilla id="2495416" url="https://bugzilla.redhat.com/show_bug.cgi?id=2495416" xml:lang="en:us">
Imagemagick: ImageMagick - Policy Bypass via Incorrect Path Validation
    </Bugzilla>
    <CVSS3 status="draft">
        <CVSS3BaseScore>3.3</CVSS3BaseScore>
        <CVSS3ScoringVector>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N</CVSS3ScoringVector>
    </CVSS3>
    <CWE>CWE-22</CWE>
    <Details xml:lang="en:us" source="Mitre">
ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path policy restrictions in sandboxed conversion services to write arbitrary files outside intended boundaries.
    </Details>
    <Details xml:lang="en:us" source="Red Hat">
A flaw in ImageMagick’s policy enforcement allows remote attackers to bypass path restrictions within sandboxed conversion services. By circumventing these controls, an attacker can create or truncate files outside permitted security boundaries, leading to unauthorized file manipulation.
    </Details>
    <Statement xml:lang="en:us">
This flaw in ImageMagick has a Low impact, allowing remote attackers to bypass path policy restrictions within sandboxed conversion services. This could lead to the creation or truncation of files outside of intended boundaries, potentially affecting data integrity in specific configurations where ImageMagick processes untrusted input in a sandboxed environment.
    </Statement>
    <Mitigation xml:lang="en:us">
To mitigate this use OS-level controls like SELinux, AppArmor, or container restrictions to strictly confine ImageMagick's write permissions. Restrict the process so it can only write to specific temporary or input directories, preventing unauthorized system file changes.
    </Mitigation>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:6">
        <ProductName>Red Hat Enterprise Linux 6</ProductName>
        <FixState>Out of support scope</FixState>
        <PackageName>ImageMagick</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:7">
        <ProductName>Red Hat Enterprise Linux 7</ProductName>
        <FixState>Out of support scope</FixState>
        <PackageName>ImageMagick</PackageName>
    </PackageState>
    <References xml:lang="en:us">
https://www.cve.org/CVERecord?id=CVE-2026-56377
https://nvd.nist.gov/vuln/detail/CVE-2026-56377
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gm48-c7f2-v67p
https://www.vulncheck.com/advisories/imagemagick-policy-bypass-via-incorrect-path-validation
    </References>
</Vulnerability>