Skip to main content

Imagemagick

694 CVEs product

Monthly

CVE-2026-25965 NuGet HIGH PATCH This Week

Local file disclosure in ImageMagick before 7.1.2-15 and 6.9.13-40 lets attackers bypass the path security policy (policy-secure.xml) using directory traversal, reading files a rule such as `/etc/*` was meant to block. Because the policy matcher evaluates the raw, unnormalized filename string before the OS resolves it, a traversal sequence slips past the deny rule while the kernel still opens the real sensitive file. No public exploit is identified at time of analysis and EPSS is very low (0.04%), but the bug undermines a control specifically deployed to harden image-processing pipelines that handle untrusted input.

Path Traversal Imagemagick
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-25898 NuGet MEDIUM PATCH This Month

ImageMagick's UIL and XPM image encoders fail to validate pixel index values before using them as array subscripts, allowing an attacker to craft malicious images that trigger out-of-bounds reads in HDRI builds. Exploitation can result in information disclosure or denial of service through process crashes. Versions prior to 7.1.2-15 and 6.9.13-40 are affected, and no patch is currently available.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick Red Hat +1
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-25897 NuGet MEDIUM PATCH This Month

ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 contain an integer overflow in the SUN image decoder that allows heap buffer overflow on 32-bit systems when processing specially crafted image files. Attackers can trigger this vulnerability remotely without authentication to cause denial of service or potentially achieve code execution. A patch is currently unavailable, leaving affected 32-bit installations at risk until updates are released.

Integer Overflow Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-25799 NuGet MEDIUM PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 5.3 MEDIUM]

Denial Of Service Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-25798 NuGet MEDIUM PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 5.3 MEDIUM]

Null Pointer Dereference Denial Of Service Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-25797 NuGet MEDIUM PATCH This Month

Arbitrary code injection in ImageMagick's PostScript and HTML encoders allows attackers to inject malicious code that executes when files are processed by downstream applications like Ghostscript or web viewers. The vulnerability affects versions prior to 7.1.2-15 and 6.9.13-40 due to insufficient input sanitization in the ps and html coders. Users processing untrusted image files are at risk of code execution, though no patch is currently available.

RCE Code Injection Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-25796 NuGet MEDIUM PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 5.3 MEDIUM]

Denial Of Service Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-25795 NuGet MEDIUM PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 5.3 MEDIUM]

Null Pointer Dereference Denial Of Service Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-25794 NuGet HIGH PATCH GHSA This Week

Integer overflow in ImageMagick's UHDR image decoder allows remote attackers to trigger heap buffer overflows by supplying specially crafted images with large dimensions, potentially crashing the application or corrupting heap memory. The vulnerability affects ImageMagick versions prior to 7.1.2-15 and requires no user interaction or authentication to exploit. Organizations using vulnerable versions should upgrade immediately, as no workaround is available.

Imagemagick Buffer Overflow Heap Overflow
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-25638 NuGet MEDIUM PATCH This Month

ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 contain a memory leak in the MSL image coder that allows unauthenticated remote attackers to cause denial of service through resource exhaustion when processing specially crafted MSL image files. The vulnerability exists because the WriteMSLImage function fails to release allocated memory during early function returns. An attacker can exploit this over the network without authentication to exhaust server memory and crash the application.

Denial Of Service Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-25637 NuGet MEDIUM PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 5.3 MEDIUM]

Denial Of Service Imagemagick Magick.Net Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-25576 NuGet MEDIUM PATCH This Month

Heap buffer over-read in ImageMagick and Magick.Net raw image format handlers allows local attackers to read sensitive data from heap memory when processing specially crafted images with mismatched extraction and size parameters. The vulnerability affects ImageMagick versions prior to 7.1.2-15 and 6.9.13-40, potentially exposing confidential information through out-of-bounds memory access. A patch is available for affected users.

Buffer Overflow Imagemagick Magick.Net Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.1
EPSS
0.0%
CVE-2026-24485 NuGet HIGH PATCH This Week

ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 7.5 HIGH]

Denial Of Service Magick.Net Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-24484 NuGet MEDIUM PATCH This Month

ImageMagick and Magick.NET fail to properly validate nested MVG-to-SVG conversions, allowing unauthenticated remote attackers to trigger denial of service conditions. Affected versions prior to 7.1.2-15 and 6.9.13-40 are vulnerable to resource exhaustion attacks through specially crafted image files. A patch is available for both products.

Denial Of Service Imagemagick Magick.Net Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-24481 NuGet HIGH PATCH This Week

Heap memory disclosure in ImageMagick's PSD file parser allows unauthenticated remote attackers to leak sensitive information from process memory by crafting malicious Photoshop files with improperly compressed layer data. Affected versions prior to 7.1.2-15 and 6.9.13-40 fail to properly validate decompressed data sizes, exposing uninitialized heap contents in generated output images. No patch is currently available for this vulnerability.

Adobe Information Disclosure Imagemagick Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-23952 NuGet MEDIUM POC PATCH This Month

ImageMagick and Magick.NET versions 14.10.1 and below are vulnerable to denial of service attacks through a null pointer dereference in the MSL parser when processing malformed comment tags, exploitable by authenticated attackers without user interaction. Public exploit code exists for this vulnerability, and affected systems may crash or experience assertion failures depending on build configuration. No patch is currently available to address this medium-severity issue.

Null Pointer Dereference Denial Of Service Magick.Net Imagemagick Red Hat +1
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23876 CRITICAL POC PATCH Act Now

Heap buffer overflow in ImageMagick's XBM image decoder (ReadXBMImage) lets remote attackers write attacker-controlled data past an allocated heap buffer by submitting a maliciously crafted XBM file, affecting all versions prior to 7.1.2-13 and 6.9.13-38. Because any read or identify operation triggers the flaw, it is reachable through ordinary image upload and conversion pipelines, raising the risk of memory corruption and potential remote code execution. Publicly available exploit code exists and a vendor patch is available, though EPSS exploitation probability remains low (0.08%) and it is not listed in CISA KEV.

Buffer Overflow Imagemagick Heap Overflow
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-23874 NuGet MEDIUM POC PATCH This Month

Imagemagick versions up to 7.1.2-13 is affected by loop with unreachable exit condition (infinite loop) (CVSS 5.5).

Stack Overflow Imagemagick Red Hat Suse
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-22770 NuGet MEDIUM PATCH This Month

ImageMagick versions prior to 7.1.2-13 fail to properly initialize buffer elements in the BilateralBlurImage method, leading to invalid pointer dereference and potential denial of service when memory allocation fails. An attacker can exploit this through network vectors to crash affected applications or trigger undefined behavior with high complexity requirements. A patch is available in version 7.1.2-13 and later.

Information Disclosure Imagemagick Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-65955 MEDIUM PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFamily is invoked with an empty string. Clearing a font family calls RelinquishMagickMemory on _drawInfo->font, freeing the font string but leaving _drawInfo->font pointing to freed memory while _drawInfo->family is set to that (now-invalid) pointer. Any later cleanup or reuse of _drawInfo->font re-frees or dereferences dangling memory. DestroyDrawInfo and other setters (Options::font, Image::font) assume _drawInfo->font remains valid, so destruction or subsequent updates trigger crashes or heap corruption. This vulnerability is fixed in 7.1.2-9 and 6.9.13-34.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-57807 NuGet LOW POC PATCH Monitor

ImageMagick is free and open-source software used for editing and manipulating digital images. Rated low severity (CVSS 3.8). Public exploit code available.

Heap Overflow Buffer Overflow Imagemagick
NVD GitHub
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-57803 NuGet HIGH POC PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.

Heap Overflow Buffer Overflow Imagemagick Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55298 NuGet HIGH POC PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE Imagemagick Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2025-55212 NuGet LOW POC PATCH Monitor

ImageMagick is free and open-source software used for editing and manipulating digital images. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
3.7
EPSS
0.3%
CVE-2025-55160 NuGet MEDIUM POC PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Imagemagick Red Hat Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-55154 NuGet HIGH POC PATCH This Week

ImageMagick is free and open-source software used for editing and manipulating digital images. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Imagemagick Red Hat Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-55005 MEDIUM POC PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Imagemagick Red Hat Suse
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-55004 NuGet HIGH POC PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Imagemagick Red Hat Suse
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-53101 NuGet HIGH POC PATCH This Week

A remote code execution vulnerability in versions (CVSS 7.4). Risk factors: public PoC available. Vendor patch is available.

Buffer Overflow Imagemagick Red Hat Suse
NVD GitHub
CVSS 3.1
7.4
EPSS
0.1%
CVE-2025-53015 NuGet HIGH POC PATCH This Week

CVE-2025-53015 is a denial-of-service vulnerability in ImageMagick versions prior to 7.1.2-0 that causes infinite loops during XMP file conversion operations. An unauthenticated attacker can trigger this vulnerability remotely by submitting a maliciously crafted XMP file, resulting in resource exhaustion and service unavailability. The vulnerability has a CVSS score of 7.5 (High) due to its network-exploitable nature and availability impact, though it does not affect confidentiality or integrity.

Information Disclosure Imagemagick Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-46393 LOW PATCH Monitor

In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled (related to the rendering of all channels in an arbitrary order). Rated low severity (CVSS 2.9), this vulnerability is no authentication required.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
2.9
EPSS
0.2%
CVE-2025-43965 LOW PATCH Monitor

In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used. Rated low severity (CVSS 2.9), this vulnerability is no authentication required.

Information Disclosure Imagemagick Debian Linux
NVD GitHub
CVSS 3.1
2.9
EPSS
0.2%
CVE-2024-41817 HIGH POC PATCH This Week

ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

RCE Imagemagick
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-5341 MEDIUM PATCH This Month

A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Imagemagick Extra Packages For Enterprise Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-3428 MEDIUM This Month

A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow Imagemagick Extra Packages For Enterprise Linux +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-39978 LOW PATCH Monitor

ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Imagemagick Fedora
NVD GitHub
CVSS 3.1
3.3
EPSS
0.3%
CVE-2023-3745 MEDIUM POC PATCH This Month

A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-3195 MEDIUM POC PATCH This Month

A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow Denial Of Service Imagemagick Extra Packages For Enterprise Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-34475 MEDIUM PATCH This Month

A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Imagemagick Extra Packages For Enterprise Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-34474 MEDIUM PATCH This Month

A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Heap Overflow Imagemagick Extra Packages For Enterprise Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-2157 MEDIUM PATCH This Month

A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Imagemagick
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2023-34153 HIGH POC This Week

A vulnerability was found in ImageMagick. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Imagemagick Extra Packages For Enterprise Linux Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
3.2%
CVE-2023-34152 CRITICAL POC Act Now

A vulnerability was found in ImageMagick. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Imagemagick Extra Packages For Enterprise Linux Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
8.0%
CVE-2023-34151 MEDIUM POC This Month

A vulnerability was found in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Imagemagick Extra Packages For Enterprise Linux Fedora +2
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2023-1906 MEDIUM POC PATCH This Month

A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Heap Overflow Imagemagick Extra Packages For Enterprise Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-3213 MEDIUM PATCH This Month

A heap buffer overflow issue was found in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Buffer Overflow Imagemagick Extra Packages For Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-1115 MEDIUM POC PATCH This Month

A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Imagemagick
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-0284 HIGH POC PATCH This Week

A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow Imagemagick
NVD GitHub
CVSS 3.1
7.1
EPSS
0.6%
CVE-2022-2719 MEDIUM PATCH This Month

In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Extra Packages For Enterprise Linux Imagemagick Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-32547 HIGH PATCH This Week

In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-32546 HIGH PATCH This Week

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Imagemagick Extra Packages For Enterprise Linux Fedora +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-32545 HIGH PATCH This Week

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Imagemagick Extra Packages For Enterprise Linux Fedora +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-28463 HIGH POC PATCH This Week

ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Imagemagick Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-1114 HIGH This Week

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Use After Free Information Disclosure Imagemagick
NVD
CVSS 3.1
7.1
EPSS
1.1%
CVE-2021-3962 HIGH PATCH This Week

A flaw was found in ImageMagick where it did not properly sanitize certain input before using it to invoke convert processes. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
7.8
EPSS
5.8%
CVE-2021-39212 LOW PATCH Monitor

ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. Rated low severity (CVSS 3.6). This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
3.6
EPSS
0.4%
CVE-2021-20313 HIGH PATCH This Week

A flaw was found in ImageMagick in versions before 7.0.11. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Imagemagick Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-20312 HIGH PATCH This Week

A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Imagemagick Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-20311 HIGH PATCH This Week

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-20310 HIGH PATCH This Week

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-20309 HIGH PATCH This Week

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-20246 MEDIUM PATCH This Month

A flaw was found in ImageMagick in MagickCore/resample.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Enterprise Linux Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-20245 MEDIUM PATCH This Month

A flaw was found in ImageMagick in coders/webp.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Enterprise Linux Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-20244 MEDIUM PATCH This Month

A flaw was found in ImageMagick in MagickCore/visual-effects.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Enterprise Linux Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-20243 MEDIUM PATCH This Month

A flaw was found in ImageMagick in MagickCore/resize.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-20241 MEDIUM PATCH This Month

A flaw was found in ImageMagick in coders/jp2.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-20176 MEDIUM This Month

A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Imagemagick Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2020-27758 LOW POC Monitor

A flaw was found in ImageMagick in coders/txt.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Imagemagick Debian Linux
NVD
CVSS 3.1
3.3
EPSS
1.1%
CVE-2020-27757 LOW POC Monitor

A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Red Hat Integer Overflow Imagemagick Debian Linux
NVD
CVSS 3.1
3.3
EPSS
1.1%
CVE-2020-27756 MEDIUM POC This Month

In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2020-27755 LOW POC Monitor

in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Imagemagick
NVD
CVSS 3.1
3.3
EPSS
0.9%
CVE-2020-27754 LOW POC Monitor

In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Imagemagick Debian Linux
NVD
CVSS 3.1
3.3
EPSS
1.1%
CVE-2020-27753 MEDIUM POC This Month

There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Imagemagick
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2020-27752 HIGH POC This Week

A flaw was found in ImageMagick in MagickCore/quantum-private.h. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagemagick
NVD
CVSS 3.1
7.1
EPSS
1.1%
CVE-2020-27751 LOW POC Monitor

A flaw was found in ImageMagick in MagickCore/quantum-export.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Imagemagick Debian Linux
NVD
CVSS 3.1
3.3
EPSS
1.1%
CVE-2020-27750 MEDIUM POC This Month

A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-25676 MEDIUM POC This Month

In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Imagemagick Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-25675 LOW POC Monitor

In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets was causing undefined behavior in the form of integer. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Imagemagick Debian Linux
NVD
CVSS 3.1
3.3
EPSS
1.1%
CVE-2020-25674 MEDIUM POC This Month

WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagemagick Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-25667 MEDIUM POC This Month

TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `"dc:format=\"image/dng\"` within `profile` due to improper string handling, when a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagemagick
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-25666 LOW POC Monitor

There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Imagemagick Debian Linux
NVD
CVSS 3.1
3.3
EPSS
1.2%
CVE-2020-25665 MEDIUM POC This Month

The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagemagick Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-25664 MEDIUM POC This Month

In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagemagick Fedora
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-25663 MEDIUM POC PATCH This Month

A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Imagemagick
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-29599 HIGH POC This Week

ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Imagemagick Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
7.5%
CVE-2020-27773 LOW POC Monitor

A flaw was found in ImageMagick in MagickCore/gem-private.h. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Enterprise Linux Debian Linux
NVD
CVSS 3.1
3.3
EPSS
1.0%
CVE-2020-27772 LOW POC Monitor

A flaw was found in ImageMagick in coders/bmp.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Imagemagick Enterprise Linux Debian Linux
NVD
CVSS 3.1
3.3
EPSS
1.1%
CVE-2020-27776 LOW POC Monitor

A flaw was found in ImageMagick in MagickCore/statistic.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Imagemagick Enterprise Linux
NVD
CVSS 3.1
3.3
EPSS
0.9%
CVE-2020-27775 LOW POC Monitor

A flaw was found in ImageMagick in MagickCore/quantum.h. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Imagemagick Enterprise Linux Debian Linux
NVD
CVSS 3.1
3.3
EPSS
1.1%
CVE-2020-27774 LOW POC Monitor

A flaw was found in ImageMagick in MagickCore/statistic.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Imagemagick Enterprise Linux Debian Linux
NVD
CVSS 3.1
3.3
EPSS
1.1%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Local file disclosure in ImageMagick before 7.1.2-15 and 6.9.13-40 lets attackers bypass the path security policy (policy-secure.xml) using directory traversal, reading files a rule such as `/etc/*` was meant to block. Because the policy matcher evaluates the raw, unnormalized filename string before the OS resolves it, a traversal sequence slips past the deny rule while the kernel still opens the real sensitive file. No public exploit is identified at time of analysis and EPSS is very low (0.04%), but the bug undermines a control specifically deployed to harden image-processing pipelines that handle untrusted input.

Path Traversal Imagemagick
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

ImageMagick's UIL and XPM image encoders fail to validate pixel index values before using them as array subscripts, allowing an attacker to craft malicious images that trigger out-of-bounds reads in HDRI builds. Exploitation can result in information disclosure or denial of service through process crashes. Versions prior to 7.1.2-15 and 6.9.13-40 are affected, and no patch is currently available.

Buffer Overflow Denial Of Service Information Disclosure +3
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 contain an integer overflow in the SUN image decoder that allows heap buffer overflow on 32-bit systems when processing specially crafted image files. Attackers can trigger this vulnerability remotely without authentication to cause denial of service or potentially achieve code execution. A patch is currently unavailable, leaving affected 32-bit installations at risk until updates are released.

Integer Overflow Imagemagick Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 5.3 MEDIUM]

Denial Of Service Imagemagick Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 5.3 MEDIUM]

Null Pointer Dereference Denial Of Service Imagemagick +2
NVD GitHub VulDB
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

Arbitrary code injection in ImageMagick's PostScript and HTML encoders allows attackers to inject malicious code that executes when files are processed by downstream applications like Ghostscript or web viewers. The vulnerability affects versions prior to 7.1.2-15 and 6.9.13-40 due to insufficient input sanitization in the ps and html coders. Users processing untrusted image files are at risk of code execution, though no patch is currently available.

RCE Code Injection Imagemagick +2
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 5.3 MEDIUM]

Denial Of Service Imagemagick Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 5.3 MEDIUM]

Null Pointer Dereference Denial Of Service Imagemagick +2
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Integer overflow in ImageMagick's UHDR image decoder allows remote attackers to trigger heap buffer overflows by supplying specially crafted images with large dimensions, potentially crashing the application or corrupting heap memory. The vulnerability affects ImageMagick versions prior to 7.1.2-15 and requires no user interaction or authentication to exploit. Organizations using vulnerable versions should upgrade immediately, as no workaround is available.

Imagemagick Buffer Overflow Heap Overflow
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 contain a memory leak in the MSL image coder that allows unauthenticated remote attackers to cause denial of service through resource exhaustion when processing specially crafted MSL image files. The vulnerability exists because the WriteMSLImage function fails to release allocated memory during early function returns. An attacker can exploit this over the network without authentication to exhaust server memory and crash the application.

Denial Of Service Imagemagick Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 5.3 MEDIUM]

Denial Of Service Imagemagick Magick.Net +2
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Heap buffer over-read in ImageMagick and Magick.Net raw image format handlers allows local attackers to read sensitive data from heap memory when processing specially crafted images with mismatched extraction and size parameters. The vulnerability affects ImageMagick versions prior to 7.1.2-15 and 6.9.13-40, potentially exposing confidential information through out-of-bounds memory access. A patch is available for affected users.

Buffer Overflow Imagemagick Magick.Net +2
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 7.5 HIGH]

Denial Of Service Magick.Net Imagemagick +2
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

ImageMagick and Magick.NET fail to properly validate nested MVG-to-SVG conversions, allowing unauthenticated remote attackers to trigger denial of service conditions. Affected versions prior to 7.1.2-15 and 6.9.13-40 are vulnerable to resource exhaustion attacks through specially crafted image files. A patch is available for both products.

Denial Of Service Imagemagick Magick.Net +2
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Heap memory disclosure in ImageMagick's PSD file parser allows unauthenticated remote attackers to leak sensitive information from process memory by crafting malicious Photoshop files with improperly compressed layer data. Affected versions prior to 7.1.2-15 and 6.9.13-40 fail to properly validate decompressed data sizes, exposing uninitialized heap contents in generated output images. No patch is currently available for this vulnerability.

Adobe Information Disclosure Imagemagick +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

ImageMagick and Magick.NET versions 14.10.1 and below are vulnerable to denial of service attacks through a null pointer dereference in the MSL parser when processing malformed comment tags, exploitable by authenticated attackers without user interaction. Public exploit code exists for this vulnerability, and affected systems may crash or experience assertion failures depending on build configuration. No patch is currently available to address this medium-severity issue.

Null Pointer Dereference Denial Of Service Magick.Net +3
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Heap buffer overflow in ImageMagick's XBM image decoder (ReadXBMImage) lets remote attackers write attacker-controlled data past an allocated heap buffer by submitting a maliciously crafted XBM file, affecting all versions prior to 7.1.2-13 and 6.9.13-38. Because any read or identify operation triggers the flaw, it is reachable through ordinary image upload and conversion pipelines, raising the risk of memory corruption and potential remote code execution. Publicly available exploit code exists and a vendor patch is available, though EPSS exploitation probability remains low (0.08%) and it is not listed in CISA KEV.

Buffer Overflow Imagemagick Heap Overflow
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Imagemagick versions up to 7.1.2-13 is affected by loop with unreachable exit condition (infinite loop) (CVSS 5.5).

Stack Overflow Imagemagick Red Hat +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

ImageMagick versions prior to 7.1.2-13 fail to properly initialize buffer elements in the BilateralBlurImage method, leading to invalid pointer dereference and potential denial of service when memory allocation fails. An attacker can exploit this through network vectors to crash affected applications or trigger undefined behavior with high complexity requirements. A patch is available in version 7.1.2-13 and later.

Information Disclosure Imagemagick Red Hat +1
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFamily is invoked with an empty string. Clearing a font family calls RelinquishMagickMemory on _drawInfo->font, freeing the font string but leaving _drawInfo->font pointing to freed memory while _drawInfo->family is set to that (now-invalid) pointer. Any later cleanup or reuse of _drawInfo->font re-frees or dereferences dangling memory. DestroyDrawInfo and other setters (Options::font, Image::font) assume _drawInfo->font remains valid, so destruction or subsequent updates trigger crashes or heap corruption. This vulnerability is fixed in 7.1.2-9 and 6.9.13-34.

Denial Of Service Imagemagick
NVD GitHub
EPSS 0% CVSS 3.8
LOW POC PATCH Monitor

ImageMagick is free and open-source software used for editing and manipulating digital images. Rated low severity (CVSS 3.8). Public exploit code available.

Heap Overflow Buffer Overflow Imagemagick
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.

Heap Overflow Buffer Overflow Imagemagick +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE Imagemagick Red Hat +1
NVD GitHub
EPSS 0% CVSS 3.7
LOW POC PATCH Monitor

ImageMagick is free and open-source software used for editing and manipulating digital images. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Imagemagick
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Imagemagick Red Hat +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

ImageMagick is free and open-source software used for editing and manipulating digital images. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Imagemagick +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Imagemagick +2
NVD GitHub
EPSS 0% CVSS 7.6
HIGH POC PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Imagemagick +2
NVD GitHub
EPSS 0% CVSS 7.4
HIGH POC PATCH This Week

A remote code execution vulnerability in versions (CVSS 7.4). Risk factors: public PoC available. Vendor patch is available.

Buffer Overflow Imagemagick Red Hat +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

CVE-2025-53015 is a denial-of-service vulnerability in ImageMagick versions prior to 7.1.2-0 that causes infinite loops during XMP file conversion operations. An unauthenticated attacker can trigger this vulnerability remotely by submitting a maliciously crafted XMP file, resulting in resource exhaustion and service unavailability. The vulnerability has a CVSS score of 7.5 (High) due to its network-exploitable nature and availability impact, though it does not affect confidentiality or integrity.

Information Disclosure Imagemagick Red Hat +1
NVD GitHub
EPSS 0% CVSS 2.9
LOW PATCH Monitor

In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled (related to the rendering of all channels in an arbitrary order). Rated low severity (CVSS 2.9), this vulnerability is no authentication required.

Information Disclosure Imagemagick
NVD GitHub
EPSS 0% CVSS 2.9
LOW PATCH Monitor

In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used. Rated low severity (CVSS 2.9), this vulnerability is no authentication required.

Information Disclosure Imagemagick Debian Linux
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

RCE Imagemagick
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption +3
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow +3
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Imagemagick Fedora
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Denial Of Service +1
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow Denial Of Service +3
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption +3
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Heap Overflow +3
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Imagemagick
NVD
EPSS 3% CVSS 7.8
HIGH POC This Week

A vulnerability was found in ImageMagick. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Imagemagick Extra Packages For Enterprise Linux +2
NVD GitHub
EPSS 8% CVSS 9.8
CRITICAL POC Act Now

A vulnerability was found in ImageMagick. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Imagemagick Extra Packages For Enterprise Linux +2
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Imagemagick +4
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Heap Overflow +3
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A heap buffer overflow issue was found in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Buffer Overflow Imagemagick +2
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Imagemagick
NVD GitHub
EPSS 1% CVSS 7.1
HIGH POC PATCH This Week

A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Extra Packages For Enterprise Linux Imagemagick +1
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Fedora +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Imagemagick +3
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Imagemagick +3
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Imagemagick Debian Linux
NVD GitHub
EPSS 1% CVSS 7.1
HIGH This Week

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Use After Free +2
NVD
EPSS 6% CVSS 7.8
HIGH PATCH This Week

A flaw was found in ImageMagick where it did not properly sanitize certain input before using it to invoke convert processes. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 3.6
LOW PATCH Monitor

ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. Rated low severity (CVSS 3.6). This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Imagemagick
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A flaw was found in ImageMagick in versions before 7.0.11. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Imagemagick Debian Linux
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Imagemagick +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick Debian Linux
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in ImageMagick in MagickCore/resample.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Enterprise Linux +2
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in ImageMagick in coders/webp.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Enterprise Linux +2
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in ImageMagick in MagickCore/visual-effects.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Enterprise Linux +2
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in ImageMagick in MagickCore/resize.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Debian Linux
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in ImageMagick in coders/jp2.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Debian Linux
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM This Month

A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Imagemagick Debian Linux
NVD
EPSS 1% CVSS 3.3
LOW POC Monitor

A flaw was found in ImageMagick in coders/txt.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Imagemagick +1
NVD
EPSS 1% CVSS 3.3
LOW POC Monitor

A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Red Hat Integer Overflow +2
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick
NVD
EPSS 1% CVSS 3.3
LOW POC Monitor

in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Imagemagick
NVD
EPSS 1% CVSS 3.3
LOW POC Monitor

In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Imagemagick +1
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Imagemagick
NVD
EPSS 1% CVSS 7.1
HIGH POC This Week

A flaw was found in ImageMagick in MagickCore/quantum-private.h. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagemagick
NVD
EPSS 1% CVSS 3.3
LOW POC Monitor

A flaw was found in ImageMagick in MagickCore/quantum-export.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Imagemagick +1
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Debian Linux
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Imagemagick +1
NVD
EPSS 1% CVSS 3.3
LOW POC Monitor

In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets was causing undefined behavior in the form of integer. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Imagemagick +1
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagemagick +1
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `"dc:format=\"image/dng\"` within `profile` due to improper string handling, when a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagemagick
NVD
EPSS 1% CVSS 3.3
LOW POC Monitor

There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Imagemagick +1
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagemagick +1
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagemagick +1
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption +1
NVD GitHub
EPSS 8% CVSS 7.8
HIGH POC This Week

ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Imagemagick Debian Linux
NVD GitHub
EPSS 1% CVSS 3.3
LOW POC Monitor

A flaw was found in ImageMagick in MagickCore/gem-private.h. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Enterprise Linux +1
NVD
EPSS 1% CVSS 3.3
LOW POC Monitor

A flaw was found in ImageMagick in coders/bmp.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Imagemagick +2
NVD
EPSS 1% CVSS 3.3
LOW POC Monitor

A flaw was found in ImageMagick in MagickCore/statistic.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Imagemagick +1
NVD
EPSS 1% CVSS 3.3
LOW POC Monitor

A flaw was found in ImageMagick in MagickCore/quantum.h. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Imagemagick +2
NVD
EPSS 1% CVSS 3.3
LOW POC Monitor

A flaw was found in ImageMagick in MagickCore/statistic.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Imagemagick +2
NVD
Prev Page 2 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy