<Vulnerability name="CVE-2026-61863">
    <DocumentDistribution xml:lang="en">Copyright © 2012 Red Hat, Inc. All rights reserved.</DocumentDistribution>
    <ThreatSeverity>Low</ThreatSeverity>
    <PublicDate>2026-07-15T11:25:49</PublicDate>
    <Bugzilla id="2500901" url="https://bugzilla.redhat.com/show_bug.cgi?id=2500901" xml:lang="en:us">
ImageMagick: ImageMagick: Memory leak in TIFF encoder
    </Bugzilla>
    <CVSS3 status="draft">
        <CVSS3BaseScore>2.9</CVSS3BaseScore>
        <CVSS3ScoringVector>CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L</CVSS3ScoringVector>
    </CVSS3>
    <CWE>CWE-772</CWE>
    <Details xml:lang="en:us" source="Mitre">
ImageMagick before 7.1.2-26 (and 6.x before 6.9.13-51) contains a memory leak in the TIFF encoder that occurs when a temporary file cannot be created, resulting in a small memory leak.
    </Details>
    <Details xml:lang="en:us" source="Red Hat">
A flaw was found in ImageMagick. When processing a Tagged Image File Format (TIFF) image, a small memory leak can occur if the TIFF encoder is unable to create a temporary file. This can lead to a gradual consumption of system memory, potentially impacting the availability of the application.
    </Details>
    <Statement xml:lang="en:us">
Red Hat Enterprise Linux ships ImageMagick in RHEL 6 ELS and RHEL 7 ELS. This flaw has been rated as having a Low security impact and is not currently planned to be addressed in future updates of those products. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
    </Statement>
    <Mitigation xml:lang="en:us">
Do not process untrusted image files with ImageMagick. If processing of untrusted input is required, configure ImageMagick's policy.xml to set memory and map resource limits to contain the impact of potential memory leaks. Upgrade to ImageMagick 7.1.2-26 or 6.9.13-51 mitigates the issue.
    </Mitigation>
    <PackageState impact="low" cpe="cpe:/o:redhat:enterprise_linux:6">
        <ProductName>Red Hat Enterprise Linux 6</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>ImageMagick</PackageName>
    </PackageState>
    <PackageState impact="low" cpe="cpe:/o:redhat:enterprise_linux:7">
        <ProductName>Red Hat Enterprise Linux 7</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>ImageMagick</PackageName>
    </PackageState>
    <References xml:lang="en:us">
https://www.cve.org/CVERecord?id=CVE-2026-61863
https://nvd.nist.gov/vuln/detail/CVE-2026-61863
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6vxp-gfwf-hcr9
https://www.vulncheck.com/advisories/imagemagick-before-26-memory-leak-in-tiff-encoder
    </References>
</Vulnerability>