ImageMagick

All CVEs

783 total · sorted by risk
  • CVE-2026-25965 · Feb 24, 2026
    risk 0.00 · cvss · epss 0.01

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such…

  • CVE-2026-25898 · Feb 24, 2026
    risk 0.00 · cvss · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by `GetPixelIndex()` before using it as an array subscript. In…

  • CVE-2026-25897 · Feb 24, 2026
    risk 0.00 · cvss · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an Integer Overflow vulnerability exists in the sun decoder. On 32-bit systems/builds, a carefully crafted image can lead to an out of bounds…

  • CVE-2026-25799 · Feb 24, 2026
    risk 0.00 · cvss · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image…

  • CVE-2026-25798 · Feb 24, 2026
    risk 0.00 · cvss · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by…

  • CVE-2026-25797 · Feb 24, 2026
    risk 0.00 · cvss · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, fail to sanitize the input before writing it into the PostScript header. An…

  • CVE-2026-25796 · Feb 24, 2026
    risk 0.00 · cvss · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` Image object is not freed on three early-return paths, resulting in a definite…

  • CVE-2026-25795 · Feb 24, 2026
    risk 0.00 · cvss · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()` (`coders/sfw.c`), when temporary file creation fails, `read_info` is destroyed before its `filename` member is accessed,…

  • CVE-2026-25794 · Feb 24, 2026
    risk 0.00 · cvss · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are large, the multiplication overflows…

  • CVE-2026-25638 · Feb 24, 2026
    risk 0.00 · cvss · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a memory leak exists in `coders/msl.c`. In the `WriteMSLImage` function of the `msl.c` file, resources are allocated. But the function returns…

  • CVE-2026-25637 · Feb 24, 2026
    risk 0.00 · cvss · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak in the ASHLAR image writer allows an attacker to exhaust process memory by providing a crafted image that results in small objects that are…

  • CVE-2026-25576 · Feb 24, 2026
    risk 0.00 · cvss · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in multiple raw image format handles. The vulnerability occurs when processing images with…

  • CVE-2026-24485 · Feb 24, 2026
    risk 0.00 · cvss · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the…

  • CVE-2026-24484 · Feb 24, 2026
    risk 0.00 · cvss · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

  • CVE-2026-24481 · Feb 24, 2026
    risk 0.00 · cvss · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap information disclosure vulnerability exists in ImageMagick's PSD (Adobe Photoshop) format handler. When processing a maliciously…

  • CVE-2026-23952 · Jan 22, 2026
    risk 0.00 · cvss · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing tags before images are loaded. This can…

  • CVE-2026-23876 · Jan 20, 2026
    risk 0.00 · cvss · epss 0.01

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder (ReadXBMImage) allows an attacker to write controlled data past the allocated…

  • CVE-2026-23874 · Jan 20, 2026
    risk 0.00 · cvss · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a stack overflow via infinite recursion in MSL (Magick Scripting Language) `` command when writing to MSL format. Version 7.1.2-13 fixes the…

  • CVE-2026-22770 · Jan 20, 2026
    risk 0.00 · cvss · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the last element in the set is not properly…

  • CVE-2025-69204 · Dec 30, 2025
    risk 0.00 · cvss · epss 0.01

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, in the WriteSVGImage function, using an int variable to store number_attributes caused an integer overflow. This, in turn, triggered a buffer overflow and…

  • CVE-2025-68950 · Dec 30, 2025
    risk 0.00 · cvss · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, Magick fails to check for circular references between two MVGs, leading to a stack overflow. This is a DoS vulnerability, and any situation that allows…

  • CVE-2025-68618 · Dec 30, 2025
    risk 0.00 · cvss · epss 0.01

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7.1.2-12 fixes the issue.

  • CVE-2025-68469 · Dec 18, 2025
    risk 0.00 · cvss · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.1-14, ImageMagick crashes when processing a crafted TIFF file. Version 7.1.1-14 fixes the issue.

  • CVE-2025-66628 · Dec 10, 2025
    risk 0.00 · cvss · epss 0.00

    ImageMagick is a software suite to create, edit, compose, or convert bitmap images. In versions 7.1.2-9 and prior, the TIM (PSX TIM) image parser contains a critical integer overflow vulnerability in its ReadTIMImage function (coders/tim.c). The code reads width and height…

  • CVE-2025-65955 · Dec 2, 2025
    risk 0.00 · cvss · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFamily is invoked with an empty string. Clearing a font…

  • CVE-2025-62594 · Oct 27, 2025
    risk 0.00 · cvss · epss 0.00

    ImageMagick is a software suite to create, edit, compose, or convert bitmap images. ImageMagick versions prior to 7.1.2-8 are vulnerable to denial-of-service due to unsigned integer underflow and division-by-zero in the CLAHEImage function. When tile width or height is zero,…

  • CVE-2025-62171 · Oct 17, 2025
    risk 0.00 · cvss · epss 0.01

    ImageMagick is an open source software suite for displaying, converting, and editing raster image files. In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32, an integer overflow vulnerability exists in the BMP decoder on 32-bit systems. The vulnerability occurs in…

  • CVE-2025-57807 · Sep 5, 2025
    risk 0.00 · cvss · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and…

  • CVE-2025-57803 · Aug 26, 2025
    risk 0.00 · cvss · epss 0.01

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2 for ImageMagick's 32-bit build, a 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses bytes_per_line (stride)…

  • CVE-2025-55298 · Aug 26, 2025
    risk 0.00 · cvss · epss 0.04

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to…

  • CVE-2025-55212 · Aug 26, 2025
    risk 0.00 · cvss · epss 0.01

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string containing only a colon (":") to montage -geometry leads GetGeometry() to set width/height to 0. Later,…

  • CVE-2025-55160 · Aug 13, 2025
    risk 0.00 · cvss · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in splay tree cloning callback. This results in a deterministic abort under UBSan (DoS in…

  • CVE-2025-55154 · Aug 13, 2025
    risk 0.00 · cvss · epss 0.01

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are unsafe and can overflow, leading to memory corruption. This issue has…

  • CVE-2025-55005 · Aug 13, 2025
    risk 0.00 · cvss · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is…

  • CVE-2025-55004 · Aug 13, 2025
    risk 0.00 · cvss · epss 0.01

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in…

  • CVE-2025-53101 · Jul 14, 2025
    risk 0.00 · cvss · epss 0.01

    ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal…

  • CVE-2025-53019 · Jul 14, 2025
    risk 0.00 · cvss · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename template causes a memory…

  • CVE-2025-53015 · Jul 14, 2025
    risk 0.00 · cvss · epss 0.01

    ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion command. Version 7.1.2-0 fixes the issue.

  • CVE-2025-53014 · Jul 14, 2025
    risk 0.00 · cvss · epss 0.01

    ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` function. The issue stems from an off-by-one error that causes out-of-bounds memory…

  • CVE-2024-6486 · May 15, 2025
    risk 0.00 · cvss · epss 0.02

    The ImageMagick Engine WordPress plugin before 1.7.11 is vulnerable to OS Command Injection via the "cli_path" parameter. This allows authenticated attackers with administrator-level permission to execute arbitrary OS commands on the server…

  • CVE-2025-46393 · Apr 23, 2025
    risk 0.00 · cvss · epss 0.00

    In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled (related to the rendering of all channels in an arbitrary order).

  • CVE-2025-43965 · Apr 23, 2025
    risk 0.00 · cvss · epss 0.00

    In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used.

  • CVE-2024-41817 · Jul 29, 2024
    risk 0.00 · cvss · epss 0.01

    ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead…

  • CVE-2023-5341 · Nov 19, 2023
    risk 0.00 · cvss · epss 0.00

    A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.

  • CVE-2023-3428 · Oct 4, 2023
    risk 0.00 · cvss · epss 0.00

    A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service.

  • CVE-2021-40211 · Aug 22, 2023
    risk 0.00 · cvss · epss 0.01

    An issue was discovered with ImageMagick 7.1.0-4 via Division by zero in function ReadEnhMetaFile of coders/emf.c.

  • CVE-2022-48541 · Aug 22, 2023
    risk 0.00 · cvss · epss 0.01

    A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command.

  • CVE-2023-39978 · Aug 8, 2023
    risk 0.00 · cvss · epss 0.00

    ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw.

  • CVE-2023-3745 · Jul 24, 2023
    risk 0.00 · cvss · epss 0.00

    A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to…

  • CVE-2023-34474 · Jun 16, 2023
    risk 0.00 · cvss · epss 0.00

    A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user into opening a specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a…
