ImageMagick

All CVEs

783 total · sorted by risk
  • CVE-2026-45359 · Med · Jun 10, 2026
    risk 0.37 · cvss 5.7 · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in a heap buffer over-read when performing the connected components operation.…

  • CVE-2026-49219 · Med · Jun 10, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, an incorrect parsing of the filename can result in a policy bypass and read files disallowed by a security policy using a symlink. This issue…

  • CVE-2026-48734 · Med · Jun 10, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, a crafted MVG file could result in a stack overflow due to a missing depth or visited-set check. This issue has been patched in versions…

  • CVE-2026-48724 · Med · Jun 10, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-24, when using an image with mask the Floyd-Steinberg dithering method it will cause a negative heap buffer over-write. This issue has been patched in version…

  • CVE-2026-46521 · Med · Jun 10, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check. This issue has been patched in…

  • CVE-2026-42050 · Med · May 11, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in the display tool and right-clicks a tile to invoke the Load / Update menu item.…

  • CVE-2017-10995 · Med · Jul 7, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image.

  • CVE-2015-8959 · Med · Apr 20, 2017
    risk 0.36 · cvss 6.5 · epss 0.03

    coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (CPU consumption) via a crafted DDS file.

  • CVE-2014-8562 · Med · Apr 11, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).

  • CVE-2014-8355 · Med · Apr 11, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).

  • CVE-2014-9818 · Med · Mar 30, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a malformed sun file.

  • CVE-2014-9816 · Med · Mar 30, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted viff file.

  • CVE-2014-9815 · Med · Mar 30, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file.

  • CVE-2014-9814 · Med · Mar 30, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted wpg file.

  • CVE-2014-9813 · Med · Mar 30, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file.

  • CVE-2014-9812 · Med · Mar 30, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted ps file.

  • CVE-2014-9811 · Med · Mar 30, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file.

  • CVE-2014-9810 · Med · Mar 30, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file.

  • CVE-2014-9809 · Med · Mar 30, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image.

  • CVE-2014-9808 · Med · Mar 30, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image.

  • CVE-2014-9807 · Med · Mar 30, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors.

  • CVE-2014-9806 · Med · Mar 30, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    ImageMagick allows remote attackers to cause a denial of service (file descriptor consumption) via a crafted file.

  • CVE-2014-9805 · Med · Mar 30, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file.

  • CVE-2017-7275 · Med · Mar 27, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and…

  • CVE-2017-5508 · Med · Mar 24, 2017
    risk 0.36 · cvss 5.5 · epss 0.03

    Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file.

  • CVE-2016-9556 · Med · Mar 23, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.

  • CVE-2014-9915 · Med · Mar 23, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    Off-by-one error in ImageMagick before 6.6.0-4 allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM profile.

  • CVE-2014-9840 · Med · Mar 22, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file.

  • CVE-2014-9838 · Med · Mar 22, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash).

  • CVE-2014-9836 · Med · Mar 22, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file.

  • CVE-2014-9845 · Med · Mar 20, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.

  • CVE-2014-9844 · Med · Mar 20, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.

  • CVE-2014-9853 · Med · Mar 17, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.

  • CVE-2017-6502 · Med · Mar 6, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file could lead to a file-descriptor leak in libmagickcore (thus, a DoS).

  • CVE-2017-6501 · Med · Mar 6, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file could lead to a NULL pointer dereference.

  • CVE-2017-6500 · Med · Mar 6, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read.

  • CVE-2017-6499 · Med · Mar 6, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS).

  • CVE-2017-6498 · Med · Mar 6, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS.

  • CVE-2016-10062 · Med · Mar 2, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

  • CVE-2016-5240 · Med · Feb 27, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file.

  • CVE-2016-9773 · Med · Feb 17, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for…

  • CVE-2016-8678 · Med · Feb 15, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."

  • CVE-2016-9298 · Med · Jan 27, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c in ImageMagick before 6.9.6-4 and 7.x before 7.0.3-6 allows remote attackers to cause a denial of service (crash) via a crafted image.

  • CVE-2016-7906 · Med · Jan 18, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file.

  • CVE-2012-1186 · Med · Jun 5, 2012
    risk 0.36 · cvss 5.5 · epss 0.02

    Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete…

  • CVE-2012-0248 · Med · Jun 5, 2012
    risk 0.36 · cvss 5.5 · epss 0.02

    ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.

  • CVE-2018-18016 · Med · Oct 5, 2018
    risk 0.35 · cvss 6.5 · epss 0.02

    ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c.

  • CVE-2015-8958 · Med · Apr 20, 2017
    risk 0.35 · cvss 6.5 · epss 0.03

    coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file.

  • CVE-2015-8957 · Med · Apr 20, 2017
    risk 0.35 · cvss 6.5 · epss 0.03

    Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (application crash) via a crafted SUN file.

  • CVE-2014-9907 · Med · Apr 19, 2017
    risk 0.35 · cvss 6.5 · epss 0.02

    coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file.
