Vendor CVEs
ImageMagick
All CVEs
783 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45359 | | Med | 0.37 | 5.7 | 0.00 | | Jun 10, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in a heap buffer over-read when performing the connected components operation.… |
| CVE-2026-49219 | | Med | 0.36 | 5.5 | 0.00 | | Jun 10, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, an incorrect parsing of the filename can result in a policy bypass and read files disallowed by a security policy using a symlink. This issue… |
| CVE-2026-48734 | | Med | 0.36 | 5.5 | 0.00 | | Jun 10, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, a crafted MVG file could result in a stack overflow due to a missing depth or visited-set check. This issue has been patched in versions… |
| CVE-2026-48724 | | Med | 0.36 | 5.5 | 0.00 | | Jun 10, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-24, when using an image with mask the Floyd-Steinberg dithering method it will cause a negative heap buffer over-write. This issue has been patched in version… |
| CVE-2026-46521 | | Med | 0.36 | 5.5 | 0.00 | | Jun 10, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check. This issue has been patched in… |
| CVE-2026-42050 | | Med | 0.36 | 5.5 | 0.00 | | May 11, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in the display tool and right-clicks a tile to invoke the Load / Update menu item.… |
| CVE-2017-10995 | | Med | 0.36 | 5.5 | 0.02 | | Jul 7, 2017 | The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image. |
| CVE-2015-8959 | | Med | 0.36 | 6.5 | 0.03 | | Apr 20, 2017 | coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (CPU consumption) via a crafted DDS file. |
| CVE-2014-8562 | | Med | 0.36 | 5.5 | 0.02 | | Apr 11, 2017 | DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read). |
| CVE-2014-8355 | | Med | 0.36 | 5.5 | 0.02 | | Apr 11, 2017 | PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read). |
| CVE-2014-9818 | | Med | 0.36 | 5.5 | 0.01 | | Mar 30, 2017 | ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a malformed sun file. |
| CVE-2014-9816 | | Med | 0.36 | 5.5 | 0.01 | | Mar 30, 2017 | ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted viff file. |
| CVE-2014-9815 | | Med | 0.36 | 5.5 | 0.01 | | Mar 30, 2017 | ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file. |
| CVE-2014-9814 | | Med | 0.36 | 5.5 | 0.01 | | Mar 30, 2017 | ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted wpg file. |
| CVE-2014-9813 | | Med | 0.36 | 5.5 | 0.01 | | Mar 30, 2017 | ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file. |
| CVE-2014-9812 | | Med | 0.36 | 5.5 | 0.01 | | Mar 30, 2017 | ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted ps file. |
| CVE-2014-9811 | | Med | 0.36 | 5.5 | 0.01 | | Mar 30, 2017 | The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file. |
| CVE-2014-9810 | | Med | 0.36 | 5.5 | 0.01 | | Mar 30, 2017 | The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file. |
| CVE-2014-9809 | | Med | 0.36 | 5.5 | 0.01 | | Mar 30, 2017 | ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image. |
| CVE-2014-9808 | | Med | 0.36 | 5.5 | 0.01 | | Mar 30, 2017 | ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image. |
| CVE-2014-9807 | | Med | 0.36 | 5.5 | 0.01 | | Mar 30, 2017 | The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors. |
| CVE-2014-9806 | | Med | 0.36 | 5.5 | 0.01 | | Mar 30, 2017 | ImageMagick allows remote attackers to cause a denial of service (file descriptor consumption) via a crafted file. |
| CVE-2014-9805 | | Med | 0.36 | 5.5 | 0.01 | | Mar 30, 2017 | ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file. |
| CVE-2017-7275 | | Med | 0.36 | 5.5 | 0.01 | | Mar 27, 2017 | The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and… |
| CVE-2017-5508 | | Med | 0.36 | 5.5 | 0.03 | | Mar 24, 2017 | Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file. |
| CVE-2016-9556 | | Med | 0.36 | 5.5 | 0.02 | | Mar 23, 2017 | The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. |
| CVE-2014-9915 | | Med | 0.36 | 5.5 | 0.01 | | Mar 23, 2017 | Off-by-one error in ImageMagick before 6.6.0-4 allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM profile. |
| CVE-2014-9840 | | Med | 0.36 | 5.5 | 0.01 | | Mar 22, 2017 | ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file. |
| CVE-2014-9838 | | Med | 0.36 | 5.5 | 0.01 | | Mar 22, 2017 | magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash). |
| CVE-2014-9836 | | Med | 0.36 | 5.5 | 0.01 | | Mar 22, 2017 | ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file. |
| CVE-2014-9845 | | Med | 0.36 | 5.5 | 0.02 | | Mar 20, 2017 | The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file. |
| CVE-2014-9844 | | Med | 0.36 | 5.5 | 0.02 | | Mar 20, 2017 | The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. |
| CVE-2014-9853 | | Med | 0.36 | 5.5 | 0.02 | | Mar 17, 2017 | Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file. |
| CVE-2017-6502 | | Med | 0.36 | 5.5 | 0.01 | | Mar 6, 2017 | An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file could lead to a file-descriptor leak in libmagickcore (thus, a DoS). |
| CVE-2017-6501 | | Med | 0.36 | 5.5 | 0.01 | | Mar 6, 2017 | An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file could lead to a NULL pointer dereference. |
| CVE-2017-6500 | | Med | 0.36 | 5.5 | 0.01 | | Mar 6, 2017 | An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read. |
| CVE-2017-6499 | | Med | 0.36 | 5.5 | 0.01 | | Mar 6, 2017 | An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS). |
| CVE-2017-6498 | | Med | 0.36 | 5.5 | 0.01 | | Mar 6, 2017 | An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS. |
| CVE-2016-10062 | | Med | 0.36 | 5.5 | 0.02 | | Mar 2, 2017 | The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file. |
| CVE-2016-5240 | | Med | 0.36 | 5.5 | 0.02 | | Feb 27, 2017 | The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file. |
| CVE-2016-9773 | | Med | 0.36 | 5.5 | 0.02 | | Feb 17, 2017 | Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for… |
| CVE-2016-8678 | | Med | 0.36 | 5.5 | 0.02 | | Feb 15, 2017 | The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64." |
| CVE-2016-9298 | | Med | 0.36 | 5.5 | 0.02 | | Jan 27, 2017 | Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c in ImageMagick before 6.9.6-4 and 7.x before 7.0.3-6 allows remote attackers to cause a denial of service (crash) via a crafted image. |
| CVE-2016-7906 | | Med | 0.36 | 5.5 | 0.02 | | Jan 18, 2017 | magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file. |
| CVE-2012-1186 | | Med | 0.36 | 5.5 | 0.02 | | Jun 5, 2012 | Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete… |
| CVE-2012-0248 | | Med | 0.36 | 5.5 | 0.02 | | Jun 5, 2012 | ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF. |
| CVE-2018-18016 | | Med | 0.35 | 6.5 | 0.02 | | Oct 5, 2018 | ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c. |
| CVE-2015-8958 | | Med | 0.35 | 6.5 | 0.03 | | Apr 20, 2017 | coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file. |
| CVE-2015-8957 | | Med | 0.35 | 6.5 | 0.03 | | Apr 20, 2017 | Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (application crash) via a crafted SUN file. |
| CVE-2014-9907 | | Med | 0.35 | 6.5 | 0.02 | | Apr 19, 2017 | coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file. |
Page 9 of 16