apk package

chainguard/imagemagick-6-doc

pkg:apk/chainguard/imagemagick-6-doc

Vulnerabilities (53)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2026-40312	Med	6.2	< 6.9.13.46-r1	6.9.13.46-r1	Apr 13, 2026	ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, an off by one error in the MSL decoder could result in a crash when a malicous MSL file is read. This issue has been fixed in version 7.1.2-19.
CVE-2026-40183	Med	5.5	< 6.9.13.46-r1	6.9.13.46-r1	Apr 13, 2026	ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, the JXL encoder has an heap write overflow when a user specifies that the image should be encoded as 16 bit floats. This issue has been fixed in version 7.1.
CVE-2026-40169	Med	6.2	< 6.9.13.46-r1	6.9.13.46-r1	Apr 13, 2026	ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out of bounds heap write when writing a yaml or json output, resulting in a crash. This issue has been fixed in version 7.
CVE-2026-23874		—	< 6.9.13.46-r1	6.9.13.46-r1	Jan 20, 2026	ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a stack overflow via infinite recursion in MSL (Magick Scripting Language) `` command when writing to MSL format. Version 7.1.2-13 fixes the issue
CVE-2025-69204		—	< 6.9.13.37-r0	6.9.13.37-r0	Dec 30, 2025	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, in the WriteSVGImage function, using an int variable to store number_attributes caused an integer overflow. This, in turn, triggered a buffer overflow and cau
CVE-2025-68950		—	< 6.9.13.37-r0	6.9.13.37-r0	Dec 30, 2025	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, Magick fails to check for circular references between two MVGs, leading to a stack overflow. This is a DoS vulnerability, and any situation that allows readin
CVE-2025-68618		—	< 6.9.13.37-r0	6.9.13.37-r0	Dec 30, 2025	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7.1.2-12 fixes the issue.
CVE-2025-68469		—	< 6.9.13.46-r1	6.9.13.46-r1	Dec 18, 2025	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.1-14, ImageMagick crashes when processing a crafted TIFF file. Version 7.1.1-14 fixes the issue.
CVE-2025-66628		—	< 6.9.13.46-r1	6.9.13.46-r1	Dec 10, 2025	ImageMagick is a software suite to create, edit, compose, or convert bitmap images. In versions 7.1.2-9 and prior, the TIM (PSX TIM) image parser contains a critical integer overflow vulnerability in its ReadTIMImage function (coders/tim.c). The code reads width and height (16-bi
CVE-2025-62594		—	< 6.9.13.46-r1	6.9.13.46-r1	Oct 27, 2025	ImageMagick is a software suite to create, edit, compose, or convert bitmap images. ImageMagick versions prior to 7.1.2-8 are vulnerable to denial-of-service due to unsigned integer underflow and division-by-zero in the CLAHEImage function. When tile width or height is zero, unsi
CVE-2025-55005		—	< 6.9.13.46-r1	6.9.13.46-r1	Aug 13, 2025	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is l
CVE-2025-55004		—	< 6.9.13.46-r1	6.9.13.46-r1	Aug 13, 2025	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in ReadOn
CVE-2025-53101		—	< 0	0	Jul 14, 2025	ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal poin
CVE-2025-53019		—	< 0	0	Jul 14, 2025	ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename template causes a memory leak.
CVE-2025-53015		—	< 6.9.13.46-r1	6.9.13.46-r1	Jul 14, 2025	ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion command. Version 7.1.2-0 fixes the issue.
CVE-2025-53014		—	< 0	0	Jul 14, 2025	ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` function. The issue stems from an off-by-one error that causes out-of-bounds memory a
CVE-2025-43965		—	< 0	0	Apr 23, 2025	In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used.
CVE-2024-41817		—	< 0	0	Jul 29, 2024	ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead
CVE-2023-5341		—	< 0	0	Nov 19, 2023	A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.
CVE-2023-3428		—	< 0	0	Oct 4, 2023	A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service.

CVE-2026-40312MedApr 13, 2026
affected < 6.9.13.46-r1fixed 6.9.13.46-r1
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, an off by one error in the MSL decoder could result in a crash when a malicous MSL file is read. This issue has been fixed in version 7.1.2-19.
CVE-2026-40183MedApr 13, 2026
affected < 6.9.13.46-r1fixed 6.9.13.46-r1
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, the JXL encoder has an heap write overflow when a user specifies that the image should be encoded as 16 bit floats. This issue has been fixed in version 7.1.
CVE-2026-40169MedApr 13, 2026
affected < 6.9.13.46-r1fixed 6.9.13.46-r1
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out of bounds heap write when writing a yaml or json output, resulting in a crash. This issue has been fixed in version 7.
CVE-2026-23874Jan 20, 2026
affected < 6.9.13.46-r1fixed 6.9.13.46-r1
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a stack overflow via infinite recursion in MSL (Magick Scripting Language) `` command when writing to MSL format. Version 7.1.2-13 fixes the issue
CVE-2025-69204Dec 30, 2025
affected < 6.9.13.37-r0fixed 6.9.13.37-r0
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, in the WriteSVGImage function, using an int variable to store number_attributes caused an integer overflow. This, in turn, triggered a buffer overflow and cau
CVE-2025-68950Dec 30, 2025
affected < 6.9.13.37-r0fixed 6.9.13.37-r0
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, Magick fails to check for circular references between two MVGs, leading to a stack overflow. This is a DoS vulnerability, and any situation that allows readin
CVE-2025-68618Dec 30, 2025
affected < 6.9.13.37-r0fixed 6.9.13.37-r0
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7.1.2-12 fixes the issue.
CVE-2025-68469Dec 18, 2025
affected < 6.9.13.46-r1fixed 6.9.13.46-r1
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.1-14, ImageMagick crashes when processing a crafted TIFF file. Version 7.1.1-14 fixes the issue.
CVE-2025-66628Dec 10, 2025
affected < 6.9.13.46-r1fixed 6.9.13.46-r1
ImageMagick is a software suite to create, edit, compose, or convert bitmap images. In versions 7.1.2-9 and prior, the TIM (PSX TIM) image parser contains a critical integer overflow vulnerability in its ReadTIMImage function (coders/tim.c). The code reads width and height (16-bi
CVE-2025-62594Oct 27, 2025
affected < 6.9.13.46-r1fixed 6.9.13.46-r1
ImageMagick is a software suite to create, edit, compose, or convert bitmap images. ImageMagick versions prior to 7.1.2-8 are vulnerable to denial-of-service due to unsigned integer underflow and division-by-zero in the CLAHEImage function. When tile width or height is zero, unsi
CVE-2025-55005Aug 13, 2025
affected < 6.9.13.46-r1fixed 6.9.13.46-r1
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is l
CVE-2025-55004Aug 13, 2025
affected < 6.9.13.46-r1fixed 6.9.13.46-r1
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in ReadOn
CVE-2025-53101Jul 14, 2025
affected < 0fixed 0
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal poin
CVE-2025-53019Jul 14, 2025
affected < 0fixed 0
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename template causes a memory leak.
CVE-2025-53015Jul 14, 2025
affected < 6.9.13.46-r1fixed 6.9.13.46-r1
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion command. Version 7.1.2-0 fixes the issue.
CVE-2025-53014Jul 14, 2025
affected < 0fixed 0
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` function. The issue stems from an off-by-one error that causes out-of-bounds memory a
CVE-2025-43965Apr 23, 2025
affected < 0fixed 0
In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used.
CVE-2024-41817Jul 29, 2024
affected < 0fixed 0
ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead
CVE-2023-5341Nov 19, 2023
affected < 0fixed 0
A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.
CVE-2023-3428Oct 4, 2023
affected < 0fixed 0
A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service.

Page 1 of 3