rpm package

opensuse/ImageMagick&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Tumbleweed

Vulnerabilities (152)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2025-55298	—	< 7.1.2.2-2.1	7.1.2.2-2.1	Aug 26, 2025	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleStrin
CVE-2025-55212	—	< 7.1.2.2-2.1	7.1.2.2-2.1	Aug 26, 2025	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string containing only a colon (":") to montage -geometry leads GetGeometry() to set width/height to 0. Later, ThumbnailImage
CVE-2025-55160	—	< 7.1.2.1-1.1	7.1.2.1-1.1	Aug 13, 2025	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in splay tree cloning callback. This results in a deterministic abort under UBSan (DoS in s
CVE-2025-55154	—	< 7.1.2.1-1.1	7.1.2.1-1.1	Aug 13, 2025	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are unsafe and can overflow, leading to memory corruption. This issue has b
CVE-2025-53101	—	< 7.1.2.0-1.1	7.1.2.0-1.1	Jul 14, 2025	ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal poin
CVE-2025-53019	—	< 7.1.2.0-1.1	7.1.2.0-1.1	Jul 14, 2025	ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename template causes a memory leak.
CVE-2025-53015	—	< 7.1.2.0-1.1	7.1.2.0-1.1	Jul 14, 2025	ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion command. Version 7.1.2-0 fixes the issue.
CVE-2025-53014	—	< 7.1.2.0-1.1	7.1.2.0-1.1	Jul 14, 2025	ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` function. The issue stems from an off-by-one error that causes out-of-bounds memory a
CVE-2023-5341	—	< 7.1.1.19-1.1	7.1.1.19-1.1	Nov 19, 2023	A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.
CVE-2023-3428	—	< 7.1.1.12-1.1	7.1.1.12-1.1	Oct 4, 2023	A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service.
CVE-2023-34475	—	< 7.1.1.11-2.1	7.1.1.11-2.1	Jun 16, 2023	A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in
CVE-2023-34474	—	< 7.1.1.11-2.1	7.1.1.11-2.1	Jun 16, 2023	A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a deni
CVE-2023-2157	—	< 7.1.1.10-1.1	7.1.1.10-1.1	Jun 6, 2023	A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing.
CVE-2023-34153	—	< 7.1.1.17-1.1	7.1.1.17-1.1	May 30, 2023	A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.
CVE-2023-34151	—	< 7.1.1.17-1.1	7.1.1.17-1.1	May 30, 2023	A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).
CVE-2023-1906	—	< 7.1.1.6-1.1	7.1.1.6-1.1	Apr 12, 2023	A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting i
CVE-2023-1289	—	< 7.1.1.17-1.1	7.1.1.17-1.1	Mar 23, 2023	A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," result
CVE-2022-44268	—	< 7.1.1.17-1.1	7.1.1.17-1.1	Feb 6, 2023	ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).
CVE-2022-44267	—	< 7.1.1.17-1.1	7.1.1.17-1.1	Feb 6, 2023	ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.
CVE-2022-3213	—	< 7.1.1.17-1.1	7.1.1.17-1.1	Sep 19, 2022	A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.

CVE-2025-55298Aug 26, 2025
affected < 7.1.2.2-2.1fixed 7.1.2.2-2.1
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleStrin
CVE-2025-55212Aug 26, 2025
affected < 7.1.2.2-2.1fixed 7.1.2.2-2.1
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string containing only a colon (":") to montage -geometry leads GetGeometry() to set width/height to 0. Later, ThumbnailImage
CVE-2025-55160Aug 13, 2025
affected < 7.1.2.1-1.1fixed 7.1.2.1-1.1
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in splay tree cloning callback. This results in a deterministic abort under UBSan (DoS in s
CVE-2025-55154Aug 13, 2025
affected < 7.1.2.1-1.1fixed 7.1.2.1-1.1
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are unsafe and can overflow, leading to memory corruption. This issue has b
CVE-2025-53101Jul 14, 2025
affected < 7.1.2.0-1.1fixed 7.1.2.0-1.1
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal poin
CVE-2025-53019Jul 14, 2025
affected < 7.1.2.0-1.1fixed 7.1.2.0-1.1
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename template causes a memory leak.
CVE-2025-53015Jul 14, 2025
affected < 7.1.2.0-1.1fixed 7.1.2.0-1.1
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion command. Version 7.1.2-0 fixes the issue.
CVE-2025-53014Jul 14, 2025
affected < 7.1.2.0-1.1fixed 7.1.2.0-1.1
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` function. The issue stems from an off-by-one error that causes out-of-bounds memory a
CVE-2023-5341Nov 19, 2023
affected < 7.1.1.19-1.1fixed 7.1.1.19-1.1
A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.
CVE-2023-3428Oct 4, 2023
affected < 7.1.1.12-1.1fixed 7.1.1.12-1.1
A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service.
CVE-2023-34475Jun 16, 2023
affected < 7.1.1.11-2.1fixed 7.1.1.11-2.1
A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in
CVE-2023-34474Jun 16, 2023
affected < 7.1.1.11-2.1fixed 7.1.1.11-2.1
A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a deni
CVE-2023-2157Jun 6, 2023
affected < 7.1.1.10-1.1fixed 7.1.1.10-1.1
A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing.
CVE-2023-34153May 30, 2023
affected < 7.1.1.17-1.1fixed 7.1.1.17-1.1
A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.
CVE-2023-34151May 30, 2023
affected < 7.1.1.17-1.1fixed 7.1.1.17-1.1
A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).
CVE-2023-1906Apr 12, 2023
affected < 7.1.1.6-1.1fixed 7.1.1.6-1.1
A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting i
CVE-2023-1289Mar 23, 2023
affected < 7.1.1.17-1.1fixed 7.1.1.17-1.1
A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," result
CVE-2022-44268Feb 6, 2023
affected < 7.1.1.17-1.1fixed 7.1.1.17-1.1
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).
CVE-2022-44267Feb 6, 2023
affected < 7.1.1.17-1.1fixed 7.1.1.17-1.1
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.
CVE-2022-3213Sep 19, 2022
affected < 7.1.1.17-1.1fixed 7.1.1.17-1.1
A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.

Page 5 of 8