CVE-2026-40311 | ImageMagick up to 6.9.13-43/7.1.2-18 XMP Profile use after free (GHSA-r83h-crwp-3vm7)

A vulnerability, which was classified as critical, has been found in ImageMagick up to 6.9.13-43/7.1.2-18. The affected element is an unknown function of the component XMP Profile Handler. This manipulation causes use after free.

This vulnerability appears as CVE-2026-40311. The attack may be initiated remotely. There is no available exploit.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More