<Vulnerability name="CVE-2026-61865">
    <DocumentDistribution xml:lang="en">Copyright © 2012 Red Hat, Inc. All rights reserved.</DocumentDistribution>
    <ThreatSeverity>Low</ThreatSeverity>
    <PublicDate>2026-07-15T11:25:51</PublicDate>
    <Bugzilla id="2500895" url="https://bugzilla.redhat.com/show_bug.cgi?id=2500895" xml:lang="en:us">
ImageMagick: ImageMagick: Memory leak in hough lines operation can lead to denial of service
    </Bugzilla>
    <CVSS3 status="draft">
        <CVSS3BaseScore>2.9</CVSS3BaseScore>
        <CVSS3ScoringVector>CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L</CVSS3ScoringVector>
    </CVSS3>
    <CWE>CWE-772</CWE>
    <Details xml:lang="en:us" source="Mitre">
ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the hough lines operation: when a specific operation fails, a small memory leak occurs.
    </Details>
    <Details xml:lang="en:us" source="Red Hat">
A flaw was found in ImageMagick. When processing images, a memory leak can occur during the 'hough lines' operation if an internal process fails. This vulnerability could lead to a gradual depletion of system memory, potentially resulting in a denial of service (DoS) for the affected system.
    </Details>
    <Statement xml:lang="en:us">
Red Hat Enterprise Linux ships ImageMagick in RHEL 6 ELS and RHEL 7 ELS. This flaw has been rated as having a Low security impact and is not currently planned to be addressed in future updates of those products. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
    </Statement>
    <Mitigation xml:lang="en:us">
Do not process untrusted image files with ImageMagick. If processing of untrusted input is required, configure ImageMagick's policy.xml to set memory and map resource limits to contain the impact of potential memory leaks. Upgrade to ImageMagick 7.1.2-26 or 6.9.13-51 mitigates the issue.
    </Mitigation>
    <PackageState impact="low" cpe="cpe:/o:redhat:enterprise_linux:6">
        <ProductName>Red Hat Enterprise Linux 6</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>ImageMagick</PackageName>
    </PackageState>
    <PackageState impact="low" cpe="cpe:/o:redhat:enterprise_linux:7">
        <ProductName>Red Hat Enterprise Linux 7</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>ImageMagick</PackageName>
    </PackageState>
    <References xml:lang="en:us">
https://www.cve.org/CVERecord?id=CVE-2026-61865
https://nvd.nist.gov/vuln/detail/CVE-2026-61865
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j8rh-v2r8-v94x
https://www.vulncheck.com/advisories/imagemagick-before-26-memory-leak-in-hough-lines
    </References>
</Vulnerability>