Imagemagick
by ImageMagick
Source repositories
CVEs (781)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-33900 | Med | 0.31 | 5.9 | 0.00 | Apr 13, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the viff encoder contains an integer truncation/wraparound issue on 32-bit builds that could trigger an out of bounds heap write,… | ||
| CVE-2026-40311 | Med | 0.29 | 5.5 | 0.00 | Apr 13, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.9.13-44 contain a heap use-after-free vulnerability that can cause a crash when reading and printing values from an invalid XMP profile. This issue has… | ||
| CVE-2026-40310 | Med | 0.29 | 5.5 | 0.00 | Apr 13, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 and 6.9.13-44, contain a heap out-of-bounds write in the JP2 encoder with when a user specifies an invalid sampling index. This issue has been fixed in… | ||
| CVE-2026-40183 | Med | 0.29 | 5.5 | 0.00 | Apr 13, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, the JXL encoder has an heap write overflow when a user specifies that the image should be encoded as 16 bit floats. This issue has been fixed in version… | ||
| CVE-2026-33905 | Med | 0.29 | 5.5 | 0.00 | Apr 13, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the -sample operation has an out of bounds read when an specific offset is set through the `sample:offset` define that could lead to an… | ||
| CVE-2026-33902 | Med | 0.29 | 5.5 | 0.00 | Apr 13, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX expression parser allows an attacker to crash the process by providing a deeply nested… | ||
| CVE-2016-10058 | Med | 0.29 | 5.5 | 0.02 | Mar 23, 2017 | Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file. | ||
| CVE-2016-10053 | Med | 0.29 | 5.5 | 0.02 | Mar 23, 2017 | The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. | ||
| CVE-2016-10047 | Med | 0.29 | 5.5 | 0.02 | Mar 23, 2017 | Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file. | ||
| CVE-2016-10046 | Med | 0.29 | 5.5 | 0.02 | Mar 23, 2017 | Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file. | ||
| CVE-2015-8898 | Med | 0.29 | 5.5 | 0.02 | Mar 15, 2017 | The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file. | ||
| CVE-2015-8897 | Med | 0.29 | 5.5 | 0.02 | Mar 15, 2017 | The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file. | ||
| CVE-2015-8894 | Med | 0.29 | 5.5 | 0.01 | Mar 15, 2017 | Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file. | ||
| CVE-2016-10070 | Med | 0.29 | 5.5 | 0.02 | Mar 3, 2017 | Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file. | ||
| CVE-2016-10066 | Med | 0.29 | 5.5 | 0.02 | Mar 3, 2017 | Buffer overflow in the ReadVIFFImage function in coders/viff.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a crafted file. | ||
| CVE-2016-10071 | Med | 0.29 | 5.5 | 0.02 | Mar 2, 2017 | coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file. | ||
| CVE-2016-10069 | Med | 0.29 | 5.5 | 0.02 | Mar 2, 2017 | coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames. | ||
| CVE-2016-10068 | Med | 0.29 | 5.5 | 0.02 | Mar 2, 2017 | The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file. | ||
| CVE-2015-8900 | Med | 0.29 | 5.5 | 0.02 | Feb 27, 2017 | The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file. | ||
| CVE-2026-53463 | Med | 0.28 | 4.3 | 0.00 | Jun 10, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when passing incorrect arguments in the distort operation a null pointer deference will occur. This issue has been patched in versions… |
- risk 0.31cvss 5.9epss 0.00
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the viff encoder contains an integer truncation/wraparound issue on 32-bit builds that could trigger an out of bounds heap write,…
- risk 0.29cvss 5.5epss 0.00
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.9.13-44 contain a heap use-after-free vulnerability that can cause a crash when reading and printing values from an invalid XMP profile. This issue has…
- risk 0.29cvss 5.5epss 0.00
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 and 6.9.13-44, contain a heap out-of-bounds write in the JP2 encoder with when a user specifies an invalid sampling index. This issue has been fixed in…
- risk 0.29cvss 5.5epss 0.00
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, the JXL encoder has an heap write overflow when a user specifies that the image should be encoded as 16 bit floats. This issue has been fixed in version…
- risk 0.29cvss 5.5epss 0.00
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the -sample operation has an out of bounds read when an specific offset is set through the `sample:offset` define that could lead to an…
- risk 0.29cvss 5.5epss 0.00
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX expression parser allows an attacker to crash the process by providing a deeply nested…
- risk 0.29cvss 5.5epss 0.02
Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file.
- risk 0.29cvss 5.5epss 0.02
The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.
- risk 0.29cvss 5.5epss 0.02
Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file.
- risk 0.29cvss 5.5epss 0.02
Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
- risk 0.29cvss 5.5epss 0.02
The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file.
- risk 0.29cvss 5.5epss 0.02
The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file.
- risk 0.29cvss 5.5epss 0.01
Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file.
- risk 0.29cvss 5.5epss 0.02
Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
- risk 0.29cvss 5.5epss 0.02
Buffer overflow in the ReadVIFFImage function in coders/viff.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a crafted file.
- risk 0.29cvss 5.5epss 0.02
coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
- risk 0.29cvss 5.5epss 0.02
coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames.
- risk 0.29cvss 5.5epss 0.02
The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.
- risk 0.29cvss 5.5epss 0.02
The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.
- risk 0.28cvss 4.3epss 0.00
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when passing incorrect arguments in the distort operation a null pointer deference will occur. This issue has been patched in versions…
Page 24 of 40