Imagemagick
by ImageMagick
Source repositories
CVEs (781)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-55160 | 0.00 | — | 0.00 | Aug 13, 2025 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in splay tree cloning callback. This results in a deterministic abort under UBSan (DoS in… | |||
| CVE-2025-55154 | 0.00 | — | 0.01 | Aug 13, 2025 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are unsafe and can overflow, leading to memory corruption. This issue has… | |||
| CVE-2025-55005 | 0.00 | — | 0.00 | Aug 13, 2025 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is… | |||
| CVE-2025-55004 | 0.00 | — | 0.01 | Aug 13, 2025 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in… | |||
| CVE-2025-53101 | 0.00 | — | 0.01 | Jul 14, 2025 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal… | |||
| CVE-2025-53019 | 0.00 | — | 0.00 | Jul 14, 2025 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename template causes a memory… | |||
| CVE-2025-53015 | 0.00 | — | 0.01 | Jul 14, 2025 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion command. Version 7.1.2-0 fixes the issue. | |||
| CVE-2025-53014 | 0.00 | — | 0.01 | Jul 14, 2025 | ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` function. The issue stems from an off-by-one error that causes out-of-bounds memory… | |||
| CVE-2024-6486 | 0.00 | — | 0.02 | May 15, 2025 | The ImageMagick Engine ImageMagick Engine WordPress plugin before 1.7.11 for WordPress is vulnerable to OS Command Injection via the "cli_path" parameter. This allows authenticated attackers, with administrator-level permission to execute arbitrary OS commands on the server… | |||
| CVE-2025-46393 | 0.00 | — | 0.00 | Apr 23, 2025 | In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled (related to the rendering of all channels in an arbitrary order). | |||
| CVE-2025-43965 | 0.00 | — | 0.00 | Apr 23, 2025 | In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used. | |||
| CVE-2024-41817 | 0.00 | — | 0.01 | Jul 29, 2024 | ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead… | |||
| CVE-2023-5341 | 0.00 | — | 0.00 | Nov 19, 2023 | A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. | |||
| CVE-2023-3428 | 0.00 | — | 0.00 | Oct 4, 2023 | A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service. | |||
| CVE-2021-40211 | 0.00 | — | 0.01 | Aug 22, 2023 | An issue was discovered with ImageMagick 7.1.0-4 via Division by zero in function ReadEnhMetaFile of coders/emf.c. | |||
| CVE-2022-48541 | 0.00 | — | 0.01 | Aug 22, 2023 | A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command. | |||
| CVE-2023-39978 | 0.00 | — | 0.00 | Aug 8, 2023 | ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw. | |||
| CVE-2023-3745 | 0.00 | — | 0.00 | Jul 24, 2023 | A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to… | |||
| CVE-2023-34474 | 0.00 | — | 0.00 | Jun 16, 2023 | A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a… | |||
| CVE-2023-34475 | 0.00 | — | 0.00 | Jun 16, 2023 | A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in… |
- CVE-2025-55160Aug 13, 2025risk 0.00cvss —epss 0.00
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in splay tree cloning callback. This results in a deterministic abort under UBSan (DoS in…
- CVE-2025-55154Aug 13, 2025risk 0.00cvss —epss 0.01
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are unsafe and can overflow, leading to memory corruption. This issue has…
- CVE-2025-55005Aug 13, 2025risk 0.00cvss —epss 0.00
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is…
- CVE-2025-55004Aug 13, 2025risk 0.00cvss —epss 0.01
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in…
- CVE-2025-53101Jul 14, 2025risk 0.00cvss —epss 0.01
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal…
- CVE-2025-53019Jul 14, 2025risk 0.00cvss —epss 0.00
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename template causes a memory…
- CVE-2025-53015Jul 14, 2025risk 0.00cvss —epss 0.01
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion command. Version 7.1.2-0 fixes the issue.
- CVE-2025-53014Jul 14, 2025risk 0.00cvss —epss 0.01
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` function. The issue stems from an off-by-one error that causes out-of-bounds memory…
- CVE-2024-6486May 15, 2025risk 0.00cvss —epss 0.02
The ImageMagick Engine ImageMagick Engine WordPress plugin before 1.7.11 for WordPress is vulnerable to OS Command Injection via the "cli_path" parameter. This allows authenticated attackers, with administrator-level permission to execute arbitrary OS commands on the server…
- CVE-2025-46393Apr 23, 2025risk 0.00cvss —epss 0.00
In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled (related to the rendering of all channels in an arbitrary order).
- CVE-2025-43965Apr 23, 2025risk 0.00cvss —epss 0.00
In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used.
- CVE-2024-41817Jul 29, 2024risk 0.00cvss —epss 0.01
ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead…
- CVE-2023-5341Nov 19, 2023risk 0.00cvss —epss 0.00
A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.
- CVE-2023-3428Oct 4, 2023risk 0.00cvss —epss 0.00
A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service.
- CVE-2021-40211Aug 22, 2023risk 0.00cvss —epss 0.01
An issue was discovered with ImageMagick 7.1.0-4 via Division by zero in function ReadEnhMetaFile of coders/emf.c.
- CVE-2022-48541Aug 22, 2023risk 0.00cvss —epss 0.01
A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command.
- CVE-2023-39978Aug 8, 2023risk 0.00cvss —epss 0.00
ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw.
- CVE-2023-3745Jul 24, 2023risk 0.00cvss —epss 0.00
A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to…
- CVE-2023-34474Jun 16, 2023risk 0.00cvss —epss 0.00
A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a…
- CVE-2023-34475Jun 16, 2023risk 0.00cvss —epss 0.00
A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in…
Page 30 of 40