Vulnerability Details CVE-2026-56378
ImageMagick before 7.1.2-15 (and 6.x before 6.9.13-40) contains a heap out-of-bounds read in the PCD coder's DecodeImage loop. A crafted PCD file can trigger a one-byte heap out-of-bounds read during image decoding, resulting in denial of service and potential disclosure of an adjacent heap byte.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 8.5%
CVSS Severity
CVSS v3 Score 3.7