ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the FTXT encoder due to missing boundary checks when parsing ftxt:format. Remote attackers can trigger an out of bounds read by crafting malicious FTXT image files to cause denial of service or information disclosure.
CVE-2026-56374
Score 3.3 from GitHub Security Advisory published 2026-07-08. NVD baseline CVSS 7.1; sources differ by 3.8.
- High severity, but no confirmed exploitation yet
No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.
- CVSS v3
- 7.1
- EG Score
- 3.3(medium)
- EPSS
- 5.3%
- KEV
- Not listed
Published
July 8, 2026
Last Modified
July 9, 2026
Advisory Details (2)
Auto-updated Jul 9, 2026ImageMagick - Heap Buffer Overflow in FTXT Encoder via format Parameter | Advisories | VulnCheck
https://www.vulncheck.com/advisories/imagemagick-heap-buffer-overflow-in-ftxt-encoder-via-format-parameterHeap-buffer-overflow in FTXT encoder · Advisory · ImageMagick/ImageMagick · GitHub
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-w54j-7wpm-crhjVendor Advisories for CVE-2026-56374(1)
These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.
Affected Packages
(18 across 1 ecosystem)
NuGet(18)
| Package | Vulnerable range | Fixed in | Dependents |
|---|---|---|---|
| Magick.NET-Q16-AnyCPU | 10.0.0 ... 9.1.2 (213 versions) | 14.12.0 | — |
| Magick.NET-Q16-arm64 | 10.0.0 ... 9.1.2 (58 versions) | 14.12.0 | — |
| Magick.NET-Q16-HDRI-AnyCPU | 10.0.0 ... 9.1.2 (210 versions) | 14.12.0 | — |
| Magick.NET-Q16-HDRI-arm64 | 10.0.0 ... 9.1.2 (58 versions) | 14.12.0 | — |
| Magick.NET-Q16-HDRI-OpenMP-arm64 | 10.0.0 ... 9.1.2 (58 versions) | 14.12.0 | — |
| Magick.NET-Q16-HDRI-OpenMP-x64 | 10.0.0 ... 9.1.2 (110 versions) | 14.12.0 | — |
| Magick.NET-Q16-HDRI-x64 | 10.0.0 ... 9.1.2 (210 versions) | 14.12.0 | — |
| Magick.NET-Q16-HDRI-x86 | 10.0.0 ... 9.1.2 (210 versions) | 14.12.0 | — |
| Magick.NET-Q16-OpenMP-arm64 | 10.0.0 ... 9.1.2 (58 versions) | 14.12.0 | — |
| Magick.NET-Q16-OpenMP-x64 | 10.0.0 ... 9.1.2 (110 versions) | 14.12.0 | — |
| Magick.NET-Q16-x64 | 10.0.0 ... 9.1.2 (229 versions) | 14.12.0 | — |
| Magick.NET-Q16-x86 | 10.0.0 ... 9.1.2 (229 versions) | 14.12.0 | — |
| Magick.NET-Q8-AnyCPU | 10.0.0 ... 9.1.2 (213 versions) | 14.12.0 | — |
| Magick.NET-Q8-arm64 | 10.0.0 ... 9.1.2 (58 versions) | 14.12.0 | — |
| Magick.NET-Q8-OpenMP-arm64 | 10.0.0 ... 9.1.2 (58 versions) | 14.12.0 | — |
| Magick.NET-Q8-OpenMP-x64 | 10.0.0 ... 9.1.2 (110 versions) | 14.12.0 | — |
| Magick.NET-Q8-x64 | 10.0.0 ... 9.1.2 (229 versions) | 14.12.0 | — |
| Magick.NET-Q8-x86 | 10.0.0 ... 9.1.2 (229 versions) | 14.12.0 | — |
Weakness Classification(1)
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Data Freshness Timeline
(refreshed 9× in last 7d / 9× in last 30d)
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
- 2026-07-11 09:21 UTCEG score recompute
- 2026-07-11 09:21 UTCGHSA enrichment
- 2026-07-11 08:27 UTCEPSS rescore
- 2026-07-11 08:27 UTCEPSS rescore
- 2026-07-09 19:10 UTCEPSS rescore
- 2026-07-09 19:10 UTCEPSS rescore
- 2026-07-09 15:00 UTCNVD updateCVSS v3 → 7.1 · severity → HIGH
- 2026-07-08 14:06 UTCEG score recompute
- 2026-07-08 14:05 UTCMITRE cvelistV5first tracked
Related CVEs(same CWE)
Same CWE
10 shownCWE-125
- CVE-2014-2898EG 9.8CRITICAL
- CVE-2014-2897EG 9.8CRITICAL
- CVE-2014-2896EG 9.8CRITICAL
- CVE-2015-9290EG 9.8CRITICAL
- CVE-2016-10749EG 9.8CRITICAL
- CVE-1999-0006EG 9.8EPSS 96%CRITICAL
- CVE-2014-3180EG 9.1CRITICAL
- CVE-2014-1508EG 9.1EPSS 90%CRITICAL
- CVE-2016-5198NVD 8.8EG 9.0 KEVEPSS 98%HIGH
- CVE-2016-4523NVD 7.5EG 9.0 KEVEPSS 98%HIGH
Frequently asked(5)
What is CVE-2026-56374?
When was CVE-2026-56374 disclosed?
Is CVE-2026-56374 actively exploited?
What is the CVSS score of CVE-2026-56374?
How do I remediate CVE-2026-56374?
Dependency Blast Radius
See which npm, PyPI, Go, and Maven packages are affected by CVE-2026-56374
Is Your Infrastructure Affected by CVE-2026-56374?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.