VYPR

imagemagick

by Debian

CVEs (6)

  • CVE-2026-56361Jul 1, 2026
    risk 0.00cvss epss

    ImageMagick before 7.1.2-19 contains an off-by-one error in morphology validation allowing out-of-bounds heap buffer reads. Attackers can trigger heap buffer overflow by providing incorrect morphology parameters causing single pixel memory access violations.

  • CVE-2026-56369Jul 1, 2026
    risk 0.00cvss epss

    ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attackers can exploit nonce reuse in the cipher implementation to recover plaintext information from encrypted images.

  • CVE-2026-56365Jul 1, 2026
    risk 0.00cvss epss

    ImageMagick before 7.1.2-19 contains a memory leak vulnerability in the PNG encoder when writing MNG images. Attackers can trigger the encoder failure condition to exhaust memory resources and cause denial of service.

  • CVE-2026-56377Jul 1, 2026
    risk 0.00cvss epss

    ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path policy restrictions in sandboxed conversion services to write arbitrary files outside intended…

  • CVE-2026-56364Jul 1, 2026
    risk 0.00cvss epss

    ImageMagick before 7.1.2-13 contains a memory leak vulnerability in LoadOpenCLDeviceBenchmark() function when parsing malformed OpenCL device profile XML files with unclosed device elements. Attackers with write access to the OpenCL cache directory can place malicious XML files…

  • CVE-2026-56363Jul 1, 2026
    risk 0.00cvss epss

    ImageMagick before 7.1.2-22 contains a division by zero vulnerability in binomial kernel processing that allows attackers to cause denial of service. An attacker can supply a large binomial kernel value causing integer overflow, resulting in division by zero and application…