VYPR

Imagemagick

by ImageMagick

Source repositories

CVEs (781)

  • CVE-2026-47165MedJun 10, 2026
    risk 0.27cvss 4.1epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, the distributed pixel cache was originally designed to operate without a challenge–response authentication model. This has been changed in…

  • CVE-2026-46693MedJun 10, 2026
    risk 0.27cvss 4.1epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race condition is…

  • CVE-2026-46692MedJun 10, 2026
    risk 0.27cvss 4.1epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-write in the server process. This issue has…

  • CVE-2026-33899MedApr 13, 2026
    risk 0.27cvss 5.3epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when `Magick` parses an XML file it is possible that a single zero byte is written out of the bounds. This issue has been fixed in versions…

  • CVE-2026-53464MedJun 10, 2026
    risk 0.26cvss 4.0epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, when providing invalid options to the wand option parser a small memory leak will occur. This issue has been patched in version 7.1.2-25.

  • CVE-2026-46559MedJun 10, 2026
    risk 0.26cvss 4.0epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an incorrect check in the JP2 will result in an heap buffer over-write of a single byte when specifying certain options. This issue has been…

  • CVE-2026-34238MedApr 13, 2026
    risk 0.26cvss 5.1epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, an integer overflow in the despeckle operation causes a heap buffer overflow on 32-bit builds that will result in an out of bounds write.…

  • CVE-2026-33536MedMar 26, 2026
    risk 0.26cvss 5.1epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, due to an incorrect return value on certain platforms a pointer is incremented past the end of a buffer that is on the stack and that could result in…

  • CVE-2016-3716LowMay 5, 2016
    risk 0.25cvss 3.3epss 0.11

    The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.

  • CVE-2026-33535MedMar 26, 2026
    risk 0.19cvss 4.0epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, an out-of-bounds write of a zero byte exists in the X11 `display` interaction path that could lead to a crash. Versions 7.1.2-18 and 6.9.13-43 patch…

  • CVE-2022-44268Feb 6, 2023
    risk 0.10cvss epss 0.90

    ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).

  • CVE-2018-16323MedSep 1, 2018
    risk 0.07cvss 6.5epss 0.49

    ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can…

  • CVE-2020-29599Dec 7, 2020
    risk 0.06cvss epss 0.07

    ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell…

  • CVE-2023-34152May 30, 2023
    risk 0.05cvss epss 0.08

    A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.

  • CVE-2022-44267Feb 6, 2023
    risk 0.04cvss epss 0.77

    ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.

  • CVE-2014-1947Feb 17, 2020
    risk 0.04cvss epss 0.07

    Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a…

  • CVE-2014-2030Feb 6, 2020
    risk 0.04cvss epss 0.11

    Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different…

  • CVE-2006-4144Aug 15, 2006
    risk 0.04cvss epss 0.10

    Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based…

  • CVE-2005-1275Apr 25, 2005
    risk 0.04cvss epss 0.14

    Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ImageMagick 6.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a PNM file with a small colors value.

  • CVE-2009-1882Jun 2, 2009
    risk 0.01cvss epss 0.07

    Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of…

Page 25 of 40