VYPR

ImageMagick

All CVEs

777 total · sorted by risk
  • CVE-2016-10063 · High · Mar 2, 2017
    risk 0.44 · cvss 7.8 · epss 0.02

    Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity.

  • CVE-2018-15607 · Medium · Aug 21, 2018
    risk 0.43 · cvss 6.5 · epss 0.05

    In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory…

  • CVE-2018-13153 · Medium · Jul 5, 2018
    risk 0.43 · cvss 6.5 · epss 0.04

    In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.

  • CVE-2018-10177 · Medium · Apr 16, 2018
    risk 0.43 · cvss 6.5 · epss 0.03

    In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file.

  • CVE-2018-9133 · Medium · Mar 30, 2018
    risk 0.43 · cvss 6.5 · epss 0.03

    ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff…

  • CVE-2018-7443 · Medium · Feb 23, 2018
    risk 0.43 · cvss 6.5 · epss 0.03

    The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in…

  • CVE-2017-18029 · Medium · Jan 12, 2018
    risk 0.43 · cvss 6.5 · epss 0.04

    In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows remote attackers to cause a denial of service via a crafted file.

  • CVE-2018-5357 · Medium · Jan 12, 2018
    risk 0.43 · cvss 6.5 · epss 0.04

    ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c.

  • CVE-2018-5246 · Medium · Jan 5, 2018
    risk 0.43 · cvss 6.5 · epss 0.04

    In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c.

  • CVE-2017-11525 · Medium · Jul 23, 2017
    risk 0.43 · cvss 6.5 · epss 0.04

    The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.

  • CVE-2017-11524 · Medium · Jul 23, 2017
    risk 0.43 · cvss 6.5 · epss 0.03

    The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file.

  • CVE-2016-7538 · Medium · Apr 20, 2017
    risk 0.43 · cvss 6.5 · epss 0.03

    coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.

  • CVE-2016-7535 · Medium · Apr 20, 2017
    risk 0.43 · cvss 6.5 · epss 0.03

    coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PSD file.

  • CVE-2016-7534 · Medium · Apr 20, 2017
    risk 0.43 · cvss 6.5 · epss 0.03

    The generic decoder in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted file.

  • CVE-2016-7530 · Medium · Apr 20, 2017
    risk 0.43 · cvss 6.5 · epss 0.03

    The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file.

  • CVE-2016-7526 · Medium · Apr 20, 2017
    risk 0.43 · cvss 6.5 · epss 0.04

    coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.

  • CVE-2016-7521 · Medium · Apr 20, 2017
    risk 0.43 · cvss 6.5 · epss 0.04

    Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.

  • CVE-2016-7537 · Medium · Apr 19, 2017
    risk 0.43 · cvss 6.5 · epss 0.03

    MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file.

  • CVE-2016-9559 · Medium · Mar 1, 2017
    risk 0.43 · cvss 6.5 · epss 0.04

    coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.

  • CVE-2016-7799 · Medium · Jan 18, 2017
    risk 0.43 · cvss 6.5 · epss 0.04

    MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.

  • CVE-2026-33908 · High · Apr 13, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, Magick frees the memory of the XML tree via the `DestroyXMLTree()` function; however, this process is executed recursively with no depth…

  • CVE-2026-33901 · High · Apr 13, 2026
    risk 0.42 · cvss 7.5 · epss 0.01

    ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue…

  • CVE-2018-18025 · Medium · Oct 7, 2018
    risk 0.42 · cvss 6.5 · epss 0.03

    In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the EncodeImage function of coders/pict.c, which allows attackers to cause a denial of service via a crafted SVG image file.

  • CVE-2018-18024 · Medium · Oct 7, 2018
    risk 0.42 · cvss 6.5 · epss 0.03

    In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

  • CVE-2018-18023 · Medium · Oct 7, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file.

  • CVE-2018-17967 · Medium · Oct 3, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c.

  • CVE-2018-17966 · Medium · Oct 3, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage in coders/pdb.c.

  • CVE-2018-17965 · Medium · Oct 3, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage in coders/sgi.c.

  • CVE-2018-16750 · Medium · Sep 9, 2018
    risk 0.42 · cvss 6.5 · epss 0.03

    In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found.

  • CVE-2018-14437 · Medium · Jul 20, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c.

  • CVE-2018-14436 · Medium · Jul 20, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c.

  • CVE-2018-14435 · Medium · Jul 20, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c.

  • CVE-2018-14434 · Medium · Jul 20, 2018
    risk 0.42 · cvss 6.5 · epss 0.03

    ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c.

  • CVE-2018-11656 · Medium · Jun 1, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.

  • CVE-2018-11655 · Medium · Jun 1, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted CALS image file.

  • CVE-2018-11251 · Medium · May 18, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file.

  • CVE-2017-18273 · Medium · May 18, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call.

  • CVE-2017-18272 · Medium · May 18, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call.

  • CVE-2017-18271 · Medium · May 18, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file.

  • CVE-2018-10805 · Medium · May 8, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.

  • CVE-2018-10804 · Medium · May 8, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c.

  • CVE-2017-18254 · Medium · Mar 27, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allows remote attackers to cause a denial of service via a crafted file.

  • CVE-2017-18253 · Medium · Mar 27, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LoadOpenCLDevices in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file.

  • CVE-2017-18252 · Medium · Mar 27, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file.

  • CVE-2017-18251 · Medium · Mar 27, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allows remote attackers to cause a denial of service via a crafted file.

  • CVE-2017-18250 · Medium · Mar 27, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LogOpenCLBuildFailure in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file.

  • CVE-2018-7470 · Medium · Feb 25, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file.

  • CVE-2018-6930 · Medium · Feb 13, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c file of ImageMagick 7.0.7-22 allows a remote attacker to cause a denial of service (application crash) via a maliciously crafted pict file.

  • CVE-2018-6876 · Medium · Feb 9, 2018
    risk 0.42 · cvss 6.5 · epss 0.03

    The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ImageMagick 7.0.7-22 Q16 and other products, allows remote attackers to cause a denial of service (stack-based buffer under-read) via a crafted bmp image.

  • CVE-2018-6405 · Medium · Jan 30, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service.

Page 4 of 16