Imagemagick
Monthly
Local file disclosure in ImageMagick before 7.1.2-15 and 6.9.13-40 lets attackers bypass the path security policy (policy-secure.xml) using directory traversal, reading files a rule such as `/etc/*` was meant to block. Because the policy matcher evaluates the raw, unnormalized filename string before the OS resolves it, a traversal sequence slips past the deny rule while the kernel still opens the real sensitive file. No public exploit is identified at time of analysis and EPSS is very low (0.04%), but the bug undermines a control specifically deployed to harden image-processing pipelines that handle untrusted input.
ImageMagick's UIL and XPM image encoders fail to validate pixel index values before using them as array subscripts, allowing an attacker to craft malicious images that trigger out-of-bounds reads in HDRI builds. Exploitation can result in information disclosure or denial of service through process crashes. Versions prior to 7.1.2-15 and 6.9.13-40 are affected, and no patch is currently available.
ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 contain an integer overflow in the SUN image decoder that allows heap buffer overflow on 32-bit systems when processing specially crafted image files. Attackers can trigger this vulnerability remotely without authentication to cause denial of service or potentially achieve code execution. A patch is currently unavailable, leaving affected 32-bit installations at risk until updates are released.
ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 5.3 MEDIUM]
ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 5.3 MEDIUM]
Arbitrary code injection in ImageMagick's PostScript and HTML encoders allows attackers to inject malicious code that executes when files are processed by downstream applications like Ghostscript or web viewers. The vulnerability affects versions prior to 7.1.2-15 and 6.9.13-40 due to insufficient input sanitization in the ps and html coders. Users processing untrusted image files are at risk of code execution, though no patch is currently available.
ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 5.3 MEDIUM]
ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 5.3 MEDIUM]
Integer overflow in ImageMagick's UHDR image decoder allows remote attackers to trigger heap buffer overflows by supplying specially crafted images with large dimensions, potentially crashing the application or corrupting heap memory. The vulnerability affects ImageMagick versions prior to 7.1.2-15 and requires no user interaction or authentication to exploit. Organizations using vulnerable versions should upgrade immediately, as no workaround is available.
ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 contain a memory leak in the MSL image coder that allows unauthenticated remote attackers to cause denial of service through resource exhaustion when processing specially crafted MSL image files. The vulnerability exists because the WriteMSLImage function fails to release allocated memory during early function returns. An attacker can exploit this over the network without authentication to exhaust server memory and crash the application.
ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 5.3 MEDIUM]
Heap buffer over-read in ImageMagick and Magick.Net raw image format handlers allows local attackers to read sensitive data from heap memory when processing specially crafted images with mismatched extraction and size parameters. The vulnerability affects ImageMagick versions prior to 7.1.2-15 and 6.9.13-40, potentially exposing confidential information through out-of-bounds memory access. A patch is available for affected users.
ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 7.5 HIGH]
ImageMagick and Magick.NET fail to properly validate nested MVG-to-SVG conversions, allowing unauthenticated remote attackers to trigger denial of service conditions. Affected versions prior to 7.1.2-15 and 6.9.13-40 are vulnerable to resource exhaustion attacks through specially crafted image files. A patch is available for both products.
Heap memory disclosure in ImageMagick's PSD file parser allows unauthenticated remote attackers to leak sensitive information from process memory by crafting malicious Photoshop files with improperly compressed layer data. Affected versions prior to 7.1.2-15 and 6.9.13-40 fail to properly validate decompressed data sizes, exposing uninitialized heap contents in generated output images. No patch is currently available for this vulnerability.
ImageMagick and Magick.NET versions 14.10.1 and below are vulnerable to denial of service attacks through a null pointer dereference in the MSL parser when processing malformed comment tags, exploitable by authenticated attackers without user interaction. Public exploit code exists for this vulnerability, and affected systems may crash or experience assertion failures depending on build configuration. No patch is currently available to address this medium-severity issue.
Heap buffer overflow in ImageMagick's XBM image decoder (ReadXBMImage) lets remote attackers write attacker-controlled data past an allocated heap buffer by submitting a maliciously crafted XBM file, affecting all versions prior to 7.1.2-13 and 6.9.13-38. Because any read or identify operation triggers the flaw, it is reachable through ordinary image upload and conversion pipelines, raising the risk of memory corruption and potential remote code execution. Publicly available exploit code exists and a vendor patch is available, though EPSS exploitation probability remains low (0.08%) and it is not listed in CISA KEV.
Imagemagick versions up to 7.1.2-13 is affected by loop with unreachable exit condition (infinite loop) (CVSS 5.5).
ImageMagick versions prior to 7.1.2-13 fail to properly initialize buffer elements in the BilateralBlurImage method, leading to invalid pointer dereference and potential denial of service when memory allocation fails. An attacker can exploit this through network vectors to crash affected applications or trigger undefined behavior with high complexity requirements. A patch is available in version 7.1.2-13 and later.
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFamily is invoked with an empty string. Clearing a font family calls RelinquishMagickMemory on _drawInfo->font, freeing the font string but leaving _drawInfo->font pointing to freed memory while _drawInfo->family is set to that (now-invalid) pointer. Any later cleanup or reuse of _drawInfo->font re-frees or dereferences dangling memory. DestroyDrawInfo and other setters (Options::font, Image::font) assume _drawInfo->font remains valid, so destruction or subsequent updates trigger crashes or heap corruption. This vulnerability is fixed in 7.1.2-9 and 6.9.13-34.
ImageMagick is free and open-source software used for editing and manipulating digital images. Rated low severity (CVSS 3.8). Public exploit code available.
ImageMagick is free and open-source software used for editing and manipulating digital images. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.
ImageMagick is free and open-source software used for editing and manipulating digital images. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.
ImageMagick is free and open-source software used for editing and manipulating digital images. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
ImageMagick is free and open-source software used for editing and manipulating digital images. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
ImageMagick is free and open-source software used for editing and manipulating digital images. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
ImageMagick is free and open-source software used for editing and manipulating digital images. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
ImageMagick is free and open-source software used for editing and manipulating digital images. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A remote code execution vulnerability in versions (CVSS 7.4). Risk factors: public PoC available. Vendor patch is available.
CVE-2025-53015 is a denial-of-service vulnerability in ImageMagick versions prior to 7.1.2-0 that causes infinite loops during XMP file conversion operations. An unauthenticated attacker can trigger this vulnerability remotely by submitting a maliciously crafted XMP file, resulting in resource exhaustion and service unavailability. The vulnerability has a CVSS score of 7.5 (High) due to its network-exploitable nature and availability impact, though it does not affect confidentiality or integrity.
In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled (related to the rendering of all channels in an arbitrary order). Rated low severity (CVSS 2.9), this vulnerability is no authentication required.
In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used. Rated low severity (CVSS 2.9), this vulnerability is no authentication required.
ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.
A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.
A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
A vulnerability was found in ImageMagick. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in ImageMagick. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
A heap buffer overflow issue was found in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A flaw was found in ImageMagick where it did not properly sanitize certain input before using it to invoke convert processes. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. Rated low severity (CVSS 3.6). This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.
A flaw was found in ImageMagick in versions before 7.0.11. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A flaw was found in ImageMagick in MagickCore/resample.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
A flaw was found in ImageMagick in coders/webp.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
A flaw was found in ImageMagick in MagickCore/visual-effects.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
A flaw was found in ImageMagick in MagickCore/resize.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
A flaw was found in ImageMagick in coders/jp2.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A flaw was found in ImageMagick in coders/txt.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A flaw was found in ImageMagick in MagickCore/quantum-private.h. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A flaw was found in ImageMagick in MagickCore/quantum-export.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets was causing undefined behavior in the form of integer. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `"dc:format=\"image/dng\"` within `profile` due to improper string handling, when a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A flaw was found in ImageMagick in MagickCore/gem-private.h. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A flaw was found in ImageMagick in coders/bmp.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A flaw was found in ImageMagick in MagickCore/statistic.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A flaw was found in ImageMagick in MagickCore/quantum.h. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A flaw was found in ImageMagick in MagickCore/statistic.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Local file disclosure in ImageMagick before 7.1.2-15 and 6.9.13-40 lets attackers bypass the path security policy (policy-secure.xml) using directory traversal, reading files a rule such as `/etc/*` was meant to block. Because the policy matcher evaluates the raw, unnormalized filename string before the OS resolves it, a traversal sequence slips past the deny rule while the kernel still opens the real sensitive file. No public exploit is identified at time of analysis and EPSS is very low (0.04%), but the bug undermines a control specifically deployed to harden image-processing pipelines that handle untrusted input.
ImageMagick's UIL and XPM image encoders fail to validate pixel index values before using them as array subscripts, allowing an attacker to craft malicious images that trigger out-of-bounds reads in HDRI builds. Exploitation can result in information disclosure or denial of service through process crashes. Versions prior to 7.1.2-15 and 6.9.13-40 are affected, and no patch is currently available.
ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 contain an integer overflow in the SUN image decoder that allows heap buffer overflow on 32-bit systems when processing specially crafted image files. Attackers can trigger this vulnerability remotely without authentication to cause denial of service or potentially achieve code execution. A patch is currently unavailable, leaving affected 32-bit installations at risk until updates are released.
ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 5.3 MEDIUM]
ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 5.3 MEDIUM]
Arbitrary code injection in ImageMagick's PostScript and HTML encoders allows attackers to inject malicious code that executes when files are processed by downstream applications like Ghostscript or web viewers. The vulnerability affects versions prior to 7.1.2-15 and 6.9.13-40 due to insufficient input sanitization in the ps and html coders. Users processing untrusted image files are at risk of code execution, though no patch is currently available.
ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 5.3 MEDIUM]
ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 5.3 MEDIUM]
Integer overflow in ImageMagick's UHDR image decoder allows remote attackers to trigger heap buffer overflows by supplying specially crafted images with large dimensions, potentially crashing the application or corrupting heap memory. The vulnerability affects ImageMagick versions prior to 7.1.2-15 and requires no user interaction or authentication to exploit. Organizations using vulnerable versions should upgrade immediately, as no workaround is available.
ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 contain a memory leak in the MSL image coder that allows unauthenticated remote attackers to cause denial of service through resource exhaustion when processing specially crafted MSL image files. The vulnerability exists because the WriteMSLImage function fails to release allocated memory during early function returns. An attacker can exploit this over the network without authentication to exhaust server memory and crash the application.
ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 5.3 MEDIUM]
Heap buffer over-read in ImageMagick and Magick.Net raw image format handlers allows local attackers to read sensitive data from heap memory when processing specially crafted images with mismatched extraction and size parameters. The vulnerability affects ImageMagick versions prior to 7.1.2-15 and 6.9.13-40, potentially exposing confidential information through out-of-bounds memory access. A patch is available for affected users.
ImageMagick is free and open-source software used for editing and manipulating digital images. [CVSS 7.5 HIGH]
ImageMagick and Magick.NET fail to properly validate nested MVG-to-SVG conversions, allowing unauthenticated remote attackers to trigger denial of service conditions. Affected versions prior to 7.1.2-15 and 6.9.13-40 are vulnerable to resource exhaustion attacks through specially crafted image files. A patch is available for both products.
Heap memory disclosure in ImageMagick's PSD file parser allows unauthenticated remote attackers to leak sensitive information from process memory by crafting malicious Photoshop files with improperly compressed layer data. Affected versions prior to 7.1.2-15 and 6.9.13-40 fail to properly validate decompressed data sizes, exposing uninitialized heap contents in generated output images. No patch is currently available for this vulnerability.
ImageMagick and Magick.NET versions 14.10.1 and below are vulnerable to denial of service attacks through a null pointer dereference in the MSL parser when processing malformed comment tags, exploitable by authenticated attackers without user interaction. Public exploit code exists for this vulnerability, and affected systems may crash or experience assertion failures depending on build configuration. No patch is currently available to address this medium-severity issue.
Heap buffer overflow in ImageMagick's XBM image decoder (ReadXBMImage) lets remote attackers write attacker-controlled data past an allocated heap buffer by submitting a maliciously crafted XBM file, affecting all versions prior to 7.1.2-13 and 6.9.13-38. Because any read or identify operation triggers the flaw, it is reachable through ordinary image upload and conversion pipelines, raising the risk of memory corruption and potential remote code execution. Publicly available exploit code exists and a vendor patch is available, though EPSS exploitation probability remains low (0.08%) and it is not listed in CISA KEV.
Imagemagick versions up to 7.1.2-13 is affected by loop with unreachable exit condition (infinite loop) (CVSS 5.5).
ImageMagick versions prior to 7.1.2-13 fail to properly initialize buffer elements in the BilateralBlurImage method, leading to invalid pointer dereference and potential denial of service when memory allocation fails. An attacker can exploit this through network vectors to crash affected applications or trigger undefined behavior with high complexity requirements. A patch is available in version 7.1.2-13 and later.
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFamily is invoked with an empty string. Clearing a font family calls RelinquishMagickMemory on _drawInfo->font, freeing the font string but leaving _drawInfo->font pointing to freed memory while _drawInfo->family is set to that (now-invalid) pointer. Any later cleanup or reuse of _drawInfo->font re-frees or dereferences dangling memory. DestroyDrawInfo and other setters (Options::font, Image::font) assume _drawInfo->font remains valid, so destruction or subsequent updates trigger crashes or heap corruption. This vulnerability is fixed in 7.1.2-9 and 6.9.13-34.
ImageMagick is free and open-source software used for editing and manipulating digital images. Rated low severity (CVSS 3.8). Public exploit code available.
ImageMagick is free and open-source software used for editing and manipulating digital images. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.
ImageMagick is free and open-source software used for editing and manipulating digital images. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.
ImageMagick is free and open-source software used for editing and manipulating digital images. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
ImageMagick is free and open-source software used for editing and manipulating digital images. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
ImageMagick is free and open-source software used for editing and manipulating digital images. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
ImageMagick is free and open-source software used for editing and manipulating digital images. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
ImageMagick is free and open-source software used for editing and manipulating digital images. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A remote code execution vulnerability in versions (CVSS 7.4). Risk factors: public PoC available. Vendor patch is available.
CVE-2025-53015 is a denial-of-service vulnerability in ImageMagick versions prior to 7.1.2-0 that causes infinite loops during XMP file conversion operations. An unauthenticated attacker can trigger this vulnerability remotely by submitting a maliciously crafted XMP file, resulting in resource exhaustion and service unavailability. The vulnerability has a CVSS score of 7.5 (High) due to its network-exploitable nature and availability impact, though it does not affect confidentiality or integrity.
In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled (related to the rendering of all channels in an arbitrary order). Rated low severity (CVSS 2.9), this vulnerability is no authentication required.
In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used. Rated low severity (CVSS 2.9), this vulnerability is no authentication required.
ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.
A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.
A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
A vulnerability was found in ImageMagick. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in ImageMagick. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
A heap buffer overflow issue was found in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A flaw was found in ImageMagick where it did not properly sanitize certain input before using it to invoke convert processes. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. Rated low severity (CVSS 3.6). This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.
A flaw was found in ImageMagick in versions before 7.0.11. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A flaw was found in ImageMagick in MagickCore/resample.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
A flaw was found in ImageMagick in coders/webp.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
A flaw was found in ImageMagick in MagickCore/visual-effects.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
A flaw was found in ImageMagick in MagickCore/resize.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
A flaw was found in ImageMagick in coders/jp2.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A flaw was found in ImageMagick in coders/txt.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A flaw was found in ImageMagick in MagickCore/quantum-private.h. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A flaw was found in ImageMagick in MagickCore/quantum-export.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets was causing undefined behavior in the form of integer. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `"dc:format=\"image/dng\"` within `profile` due to improper string handling, when a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A flaw was found in ImageMagick in MagickCore/gem-private.h. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A flaw was found in ImageMagick in coders/bmp.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A flaw was found in ImageMagick in MagickCore/statistic.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A flaw was found in ImageMagick in MagickCore/quantum.h. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A flaw was found in ImageMagick in MagickCore/statistic.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.