Filtered by vendor Imagemagick
Subscriptions
Total
662 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-41817 | 2 Imagemagick, Linux | 2 Imagemagick, Linux Kernel | 2025-11-20 | 7 High |
| ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries in the current working directory while executing `ImageMagick`. The vulnerability is fixed in 7.11-36. | ||||
| CVE-2023-5341 | 3 Fedoraproject, Imagemagick, Redhat | 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more | 2025-11-20 | 6.2 Medium |
| A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. | ||||
| CVE-2023-3745 | 2 Imagemagick, Redhat | 2 Imagemagick, Enterprise Linux | 2025-11-20 | 5.5 Medium |
| A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service. | ||||
| CVE-2023-3428 | 3 Fedoraproject, Imagemagick, Redhat | 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more | 2025-11-20 | 6.2 Medium |
| A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service. | ||||
| CVE-2022-48541 | 2 Fedoraproject, Imagemagick | 2 Fedora, Imagemagick | 2025-11-04 | 7.1 High |
| A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command. | ||||
| CVE-2025-62594 | 1 Imagemagick | 1 Imagemagick | 2025-11-03 | 4.7 Medium |
| ImageMagick is a software suite to create, edit, compose, or convert bitmap images. ImageMagick versions prior to 7.1.2-8 are vulnerable to denial-of-service due to unsigned integer underflow and division-by-zero in the CLAHEImage function. When tile width or height is zero, unsigned underflow occurs in pointer arithmetic, leading to out-of-bounds memory access, and division-by-zero causes immediate crashes. This issue has been patched in version 7.1.2-8. | ||||
| CVE-2025-57807 | 1 Imagemagick | 1 Imagemagick | 2025-11-03 | 3.8 Low |
| ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset ≫ extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2⁶⁴ arithmetic wrap, external delegates, or policy settings are required. This is fixed in version 14.8.2. | ||||
| CVE-2025-57803 | 1 Imagemagick | 1 Imagemagick | 2025-11-03 | 7.5 High |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2 for ImageMagick's 32-bit build, a 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses bytes_per_line (stride) to a tiny value while the per-row writer still emits 3 × width bytes for 24-bpp images. The row base pointer advances using the (overflowed) stride, so the first row immediately writes past its slot and into adjacent heap memory with attacker-controlled bytes. This is a classic, powerful primitive for heap corruption in common auto-convert pipelines. This issue has been patched in versions 6.9.13-28 and 7.1.2-2. | ||||
| CVE-2025-55298 | 1 Imagemagick | 1 Imagemagick | 2025-11-03 | 7.5 High |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code execution. This issue has been patched in versions 6.9.13-28 and 7.1.2-2. | ||||
| CVE-2025-55212 | 1 Imagemagick | 1 Imagemagick | 2025-11-03 | 3.7 Low |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string containing only a colon (":") to montage -geometry leads GetGeometry() to set width/height to 0. Later, ThumbnailImage() divides by these zero dimensions, triggering a crash (SIGFPE/abort), resulting in a denial of service. This issue has been patched in versions 6.9.13-28 and 7.1.2-2. | ||||
| CVE-2025-55154 | 1 Imagemagick | 1 Imagemagick | 2025-11-03 | 8.8 High |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are unsafe and can overflow, leading to memory corruption. This issue has been patched in versions 6.9.13-27 and 7.1.2-1. | ||||
| CVE-2025-53101 | 1 Imagemagick | 1 Imagemagick | 2025-11-03 | 7.4 High |
| ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()`. Versions 7.1.2-0 and 6.9.13-26 fix the issue. | ||||
| CVE-2025-53019 | 1 Imagemagick | 1 Imagemagick | 2025-11-03 | 3.7 Low |
| ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename template causes a memory leak. Versions 7.1.2-0 and 6.9.13-26 fix the issue. | ||||
| CVE-2025-53014 | 1 Imagemagick | 1 Imagemagick | 2025-11-03 | 3.7 Low |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs (`%%`). Versions 7.1.2-0 and 6.9.13-26 fix the issue. | ||||
| CVE-2025-62171 | 1 Imagemagick | 1 Imagemagick | 2025-11-03 | 5.9 Medium |
| ImageMagick is an open source software suite for displaying, converting, and editing raster image files. In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32, an integer overflow vulnerability exists in the BMP decoder on 32-bit systems. The vulnerability occurs in coders/bmp.c when calculating the extent value by multiplying image columns by bits per pixel. On 32-bit systems with size_t of 4 bytes, a malicious BMP file with specific dimensions can cause this multiplication to overflow and wrap to zero. The overflow check added to address CVE-2025-57803 is placed after the overflow occurs, making it ineffective. A specially crafted 58-byte BMP file with width set to 536,870,912 and 32 bits per pixel can trigger this overflow, causing the bytes_per_line calculation to become zero. This vulnerability only affects 32-bit builds of ImageMagick where default resource limits for width, height, and area have been manually increased beyond their defaults. 64-bit systems with size_t of 8 bytes are not vulnerable, and systems using default ImageMagick resource limits are not vulnerable. The vulnerability is fixed in versions 7.1.2-7 and 6.9.13-32. | ||||
| CVE-2016-3718 | 6 Canonical, Imagemagick, Opensuse and 3 more | 31 Ubuntu Linux, Imagemagick, Leap and 28 more | 2025-10-22 | 5.5 Medium |
| The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. | ||||
| CVE-2016-3715 | 6 Canonical, Imagemagick, Opensuse and 3 more | 31 Ubuntu Linux, Imagemagick, Leap and 28 more | 2025-10-22 | 5.5 Medium |
| The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. | ||||
| CVE-2016-3714 | 6 Canonical, Debian, Imagemagick and 3 more | 7 Ubuntu Linux, Debian Linux, Imagemagick and 4 more | 2025-10-22 | 8.4 High |
| The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." | ||||
| CVE-2025-53015 | 1 Imagemagick | 1 Imagemagick | 2025-10-08 | 7.5 High |
| ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion command. Version 7.1.2-0 fixes the issue. | ||||
| CVE-2025-55005 | 1 Imagemagick | 1 Imagemagick | 2025-08-15 | 5.5 Medium |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is larger than 1024. This leads to corrupting memory beyond the end of the allocated logmap buffer. This issue has been patched in version 7.1.2-1. | ||||