Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-55577

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-01 Jul, 2026 | 18:56
Updated At-01 Jul, 2026 | 19:24
Rejected At-
Credits

ImageMagick: Heap Buffer Overflow in ImageMagick MVG decoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:01 Jul, 2026 | 18:56
Updated At:01 Jul, 2026 | 19:24
Rejected At:
â–¼CVE Numbering Authority (CNA)
ImageMagick: Heap Buffer Overflow in ImageMagick MVG decoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.

Affected Products
Vendor
ImageMagick Studio LLCImageMagick
Product
ImageMagick
Versions
Affected
  • >= 7.0.1-0, < 7.1.2-26
  • < 6.9.13-51
Problem Types
TypeCWE IDDescription
CWECWE-754CWE-754: Improper Check for Unusual or Exceptional Conditions
CWECWE-755CWE-755: Improper Handling of Exceptional Conditions
CWECWE-787CWE-787: Out-of-bounds Write
Type: CWE
CWE ID: CWE-754
Description: CWE-754: Improper Check for Unusual or Exceptional Conditions
Type: CWE
CWE ID: CWE-755
Description: CWE-755: Improper Handling of Exceptional Conditions
Type: CWE
CWE ID: CWE-787
Description: CWE-787: Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wx47-rm3x-jx6p
x_refsource_CONFIRM
Hyperlink: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wx47-rm3x-jx6p
Resource:
x_refsource_CONFIRM
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:01 Jul, 2026 | 19:16
Updated At:02 Jul, 2026 | 19:30

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
N/A
Type: Secondary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

ImageMagick Studio LLC
imagemagick
>>imagemagick>>Versions before 6.9.13-51(exclusive)
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
ImageMagick Studio LLC
imagemagick
>>imagemagick>>Versions from 7.0.0-0(inclusive) to 7.1.2-26(exclusive)
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-754Secondarysecurity-advisories@github.com
CWE-755Secondarysecurity-advisories@github.com
CWE-787Secondarysecurity-advisories@github.com
CWE ID: CWE-754
Type: Secondary
Source: security-advisories@github.com
CWE ID: CWE-755
Type: Secondary
Source: security-advisories@github.com
CWE ID: CWE-787
Type: Secondary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wx47-rm3x-jx6psecurity-advisories@github.com
Vendor Advisory
Hyperlink: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wx47-rm3x-jx6p
Source: security-advisories@github.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

121Records found

CVE-2026-53462
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.23% / 13.37%
||
7 Day CHG~0.00%
Published-10 Jun, 2026 | 22:04
Updated-11 Jun, 2026 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick: Use-After-Free when allocation in CheckPrimitiveExtent fails

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when an allocation fails in CheckPrimitiveExtent this can result in a heap-use-after-free and result in a crash. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-416
Use After Free
CVE-2026-48994
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.23% / 13.37%
||
7 Day CHG~0.00%
Published-10 Jun, 2026 | 21:58
Updated-11 Jun, 2026 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick: Heap Buffer Over-Write in MAT decoder on 32-bit systems

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check of a return value could lead to a heap buffer over-write in the MAT decoder on 32-bit systems. This issue has been patched in versions 6.9.13-48 and 7.1.2-24.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-33900
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.43% / 34.85%
||
7 Day CHG~0.00%
Published-13 Apr, 2026 | 20:50
Updated-17 Apr, 2026 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick has a Heap overflow caused by integer overflow/wraparound in viff encoder on 32-bit builds

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the viff encoder contains an integer truncation/wraparound issue on 32-bit builds that could trigger an out of bounds heap write, potentially causing a crash. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-62171
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.74% / 50.02%
||
7 Day CHG~0.00%
Published-17 Oct, 2025 | 16:30
Updated-03 Nov, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick vulnerable to denial of service via integer overflow in BMP decoder on 32-bit systems

ImageMagick is an open source software suite for displaying, converting, and editing raster image files. In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32, an integer overflow vulnerability exists in the BMP decoder on 32-bit systems. The vulnerability occurs in coders/bmp.c when calculating the extent value by multiplying image columns by bits per pixel. On 32-bit systems with size_t of 4 bytes, a malicious BMP file with specific dimensions can cause this multiplication to overflow and wrap to zero. The overflow check added to address CVE-2025-57803 is placed after the overflow occurs, making it ineffective. A specially crafted 58-byte BMP file with width set to 536,870,912 and 32 bits per pixel can trigger this overflow, causing the bytes_per_line calculation to become zero. This vulnerability only affects 32-bit builds of ImageMagick where default resource limits for width, height, and area have been manually increased beyond their defaults. 64-bit systems with size_t of 8 bytes are not vulnerable, and systems using default ImageMagick resource limits are not vulnerable. The vulnerability is fixed in versions 7.1.2-7 and 6.9.13-32.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2014-1947
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-6.85% / 93.26%
||
7 Day CHG~0.00%
Published-17 Feb, 2020 | 20:56
Updated-06 Aug, 2024 | 09:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030.

Action-Not Available
Vendor-n/aImageMagick Studio LLCSUSE
Product-linux_enterprise_software_development_kitlinux_enterprise_serverlinux_enterprise_desktopimagemagickn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-19667
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.63% / 73.35%
||
7 Day CHG~0.00%
Published-20 Nov, 2020 | 00:00
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7.

Action-Not Available
Vendor-n/aDebian GNU/LinuxImageMagick Studio LLC
Product-debian_linuximagemagickn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-53461
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.35% / 27.32%
||
7 Day CHG+0.08%
Published-10 Jun, 2026 | 22:03
Updated-30 Jun, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick: Out-of-bounds write in ICON decoder due to incorrect loop

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, an incorrect loop in the ICON decoder can result in an out of bounds heap write resulting in a crash. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.

Action-Not Available
Vendor-ImageMagick Studio LLCRed Hat, Inc.
Product-imagemagickImageMagickRed Hat Enterprise Linux 6Red Hat Enterprise Linux 7
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-53465
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.11% / 1.64%
||
7 Day CHG~0.00%
Published-10 Jun, 2026 | 22:07
Updated-11 Jun, 2026 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick: Heap Buffer Over-Write in SF3 encoder when writing multi-frame image

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, a crafted multi-frame can result in a heap buffer over-write when encoding it with the SF3 encoder. This issue has been patched in version 7.1.2-25.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-25967
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.4||HIGH
EPSS-0.32% / 23.76%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 01:29
Updated-23 Jun, 2026 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick has stack buffer overflow in FTXT reader via oversized integer field

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to a crash. Version 7.1.2-15 contains a patch.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-3213
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.47% / 37.04%
||
7 Day CHG+0.02%
Published-19 Sep, 2022 | 17:31
Updated-03 Aug, 2024 | 01:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.

Action-Not Available
Vendor-n/aFedora ProjectImageMagick Studio LLC
Product-extra_packages_for_enterprise_linuxfedoraimagemagickImageMagick
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-13300
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-3.17% / 86.44%
||
7 Day CHG~0.00%
Published-05 Jul, 2019 | 00:52
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-13307
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-2.08% / 79.24%
||
7 Day CHG~0.00%
Published-05 Jul, 2019 | 00:53
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-13306
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-2.08% / 79.24%
||
7 Day CHG~0.00%
Published-05 Jul, 2019 | 00:53
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-193
Off-by-one Error
CVE-2019-13304
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-2.08% / 79.24%
||
7 Day CHG~0.00%
Published-05 Jul, 2019 | 00:53
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-13298
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.37% / 81.77%
||
7 Day CHG~0.00%
Published-05 Jul, 2019 | 00:51
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a MagickCore/enhance.c error.

Action-Not Available
Vendor-n/aopenSUSEImageMagick Studio LLC
Product-imagemagickleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-55597
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 1.19%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 19:03
Updated-02 Jul, 2026 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick: Heap Buffer Over-Write in JP2 encoder when due to incorrect handling of arguments

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-26, an incorrect handling of arguments can cause a heap buffer over-write in the JP2 encoder. This issue has been fixed in version7.1.2-26.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-682
Incorrect Calculation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-48724
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 1.20%
||
7 Day CHG~0.00%
Published-10 Jun, 2026 | 21:52
Updated-11 Jun, 2026 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick: Heap Buffer Underwrite in Floyd-Steinberg depth dithering

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-24, when using an image with mask the Floyd-Steinberg dithering method it will cause a negative heap buffer over-write. This issue has been patched in version 7.1.2-24.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-46520
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.44% / 35.35%
||
7 Day CHG+0.12%
Published-10 Jun, 2026 | 21:31
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of different dimensions

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when reading multiple images with different dimensions an out of bounds heap write can occur. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.

Action-Not Available
Vendor-ImageMagick Studio LLCRed Hat, Inc.
Product-imagemagickImageMagickRed Hat Enterprise Linux Server Optional (v. 7 ELS)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux 6
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-46521
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 1.59%
||
7 Day CHG~0.00%
Published-10 Jun, 2026 | 21:40
Updated-11 Jun, 2026 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CWE ID-CWE-252
Unchecked Return Value
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2026-46559
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-4||MEDIUM
EPSS-0.12% / 1.90%
||
7 Day CHG~0.00%
Published-10 Jun, 2026 | 21:45
Updated-11 Jun, 2026 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an incorrect check in the JP2 will result in an heap buffer over-write of a single byte when specifying certain options. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-193
Off-by-one Error
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-3745
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.43% / 34.75%
||
7 Day CHG~0.00%
Published-24 Jul, 2023 | 15:19
Updated-26 Jun, 2026 | 09:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Imagemagick: heap-buffer-overflow in pushcharpixel() in quantum-private.h

A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service.

Action-Not Available
Vendor-ImageMagick Studio LLCRed Hat, Inc.
Product-imagemagickRed Hat Enterprise Linux 6Red Hat Enterprise Linux 7
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-34474
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.37% / 29.30%
||
7 Day CHG~0.00%
Published-16 Jun, 2023 | 00:00
Updated-02 Aug, 2024 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.

Action-Not Available
Vendor-n/aFedora ProjectImageMagick Studio LLC
Product-extra_packages_for_enterprise_linuxfedoraimagemagickImageMagick
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-3428
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.31% / 23.18%
||
7 Day CHG+0.02%
Published-04 Oct, 2023 | 18:02
Updated-20 Nov, 2025 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Imagemagick: heap-buffer-overflow in coders/tiff.c

A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service.

Action-Not Available
Vendor-Red Hat, Inc.Fedora ProjectImageMagick Studio LLC
Product-extra_packages_for_enterprise_linuxfedoraimagemagickRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-40169
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.18% / 7.80%
||
7 Day CHG~0.00%
Published-13 Apr, 2026 | 21:25
Updated-17 Apr, 2026 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick: Heap buffer overflow (WRITE) in the YAML and JSON encoders

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out of bounds heap write when writing a yaml or json output, resulting in a crash. This issue has been fixed in version 7.1.2-19.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-40310
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 8.72%
||
7 Day CHG~0.00%
Published-13 Apr, 2026 | 21:32
Updated-17 Apr, 2026 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick: Heap out-of-bounds write in JP2 encoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 and 6.9.13-44, contain a heap out-of-bounds write in the JP2 encoder with when a user specifies an invalid sampling index. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-3195
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.50% / 39.32%
||
7 Day CHG~0.00%
Published-16 Jun, 2023 | 00:00
Updated-03 Dec, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service.

Action-Not Available
Vendor-n/aFedora ProjectImageMagick Studio LLC
Product-extra_packages_for_enterprise_linuxfedoraimagemagickImageMagick
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-16642
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.04% / 85.89%
||
7 Day CHG~0.00%
Published-06 Sep, 2018 | 22:00
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-33535
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-4||MEDIUM
EPSS-0.14% / 3.77%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 19:52
Updated-02 Apr, 2026 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick has an Out-of-Bounds write of a zero byte in its X11 display interaction

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, an out-of-bounds write of a zero byte exists in the X11 `display` interaction path that could lead to a crash. Versions 7.1.2-18 and 6.9.13-43 patch the issue.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-33536
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.13% / 2.76%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 19:57
Updated-02 Apr, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick has an Out-of-bounds Write via InterpretImageFilename

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, due to an incorrect return value on certain platforms a pointer is incremented past the end of a buffer that is on the stack and that could result in an out of bounds write. Versions 7.1.2-18 and 6.9.13-43 patch the issue.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-33901
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.57% / 42.80%
||
7 Day CHG+0.06%
Published-13 Apr, 2026 | 20:56
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick has a Heap Buffer Overflow via MVG decoder

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.

Action-Not Available
Vendor-ImageMagick Studio LLCRed Hat, Inc.
Product-imagemagickImageMagickRed Hat Enterprise Linux 6Red Hat Enterprise Linux 7
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-34238
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.15% / 4.37%
||
7 Day CHG~0.00%
Published-13 Apr, 2026 | 21:14
Updated-17 Apr, 2026 | 21:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick: Integer overflow in despeckle operation causes heap buffer overflow on 32-bit builds

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, an integer overflow in the despeckle operation causes a heap buffer overflow on 32-bit builds that will result in an out of bounds write. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-32636
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.47% / 37.63%
||
7 Day CHG~0.00%
Published-18 Mar, 2026 | 20:39
Updated-19 Mar, 2026 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick has a heap-buffer-overflow in NewXMLTree which could result in crash

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-17 and 6.9.13-42, the NewXMLTree method contains a bug that could result in a crash due to an out of write bounds of a single zero byte. Versions 7.1.2-17 and 6.9.13-42 fix the issue.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-1115
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.55% / 42.11%
||
7 Day CHG~0.00%
Published-29 Aug, 2022 | 14:03
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-14551
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.03% / 89.36%
||
7 Day CHG~0.00%
Published-23 Jul, 2018 | 08:00
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption.

Action-Not Available
Vendor-n/aImageMagick Studio LLCCanonical Ltd.
Product-ubuntu_linuximagemagickn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2026-30929
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.11% / 1.36%
||
7 Day CHG~0.00%
Published-09 Mar, 2026 | 21:46
Updated-13 Mar, 2026 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick has a stack buffer overflow in MagnifyImage

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-12599
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-3.29% / 87.00%
||
7 Day CHG~0.00%
Published-20 Jun, 2018 | 18:00
Updated-05 Aug, 2024 | 08:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-12600
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-3.29% / 87.00%
||
7 Day CHG~0.00%
Published-20 Jun, 2018 | 18:00
Updated-05 Aug, 2024 | 08:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-28693
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.33% / 25.38%
||
7 Day CHG+0.09%
Published-09 Mar, 2026 | 21:42
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick has an integer overflow in DIB coder can result in out of bounds read or write

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an integer overflow in DIB coder can result in out of bounds read or write. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Action-Not Available
Vendor-ImageMagick Studio LLCRed Hat, Inc.
Product-imagemagickImageMagickRed Hat Enterprise Linux Server Optional (v. 7 ELS)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux 6
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-26284
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.40% / 32.39%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 02:00
Updated-24 Feb, 2026 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick has heap overflow in pcd decoder that leads to out of bounds read.

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huffman-coded data from PCD (Photo CD) files. The decoder contains an function that has an incorrect initialization that could cause an out of bounds read. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-25968
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.4||HIGH
EPSS-0.27% / 19.01%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 01:30
Updated-23 Jun, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick has MSL attribute stack buffer overflow that leads to out of bounds write.

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a stack buffer overflow occurs when processing the an attribute in msl.c. A long value overflows a fixed-size stack buffer, leading to memory corruption. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-25971
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.21% / 10.92%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 01:39
Updated-23 Jun, 2026 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick's MSL: Stack overflow in ProcessMSLScript

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs, leading to a stack overflow. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-674
Uncontrolled Recursion
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-25986
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.46% / 36.76%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 01:44
Updated-28 Feb, 2026 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick has a heap buffer overflow in YUV 4:2:2 decoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer overflow write vulnerability exists in ReadYUVImage() (coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. The pixel-pair loop writes one pixel beyond the allocated row buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-5510
Matching Score-6
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-6
Assigner-Debian GNU/Linux
CVSS Score-7.8||HIGH
EPSS-2.27% / 80.94%
||
7 Day CHG~0.00%
Published-24 Mar, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.

Action-Not Available
Vendor-n/aDebian GNU/LinuxImageMagick Studio LLC
Product-debian_linuximagemagickn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-23876
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.61% / 44.82%
||
7 Day CHG+0.11%
Published-20 Jan, 2026 | 01:01
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap buffer overflow with attacker-controlled data in XBM parser

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder (ReadXBMImage) allows an attacker to write controlled data past the allocated heap buffer when processing a maliciously crafted image file. Any operation that reads or identifies an image can trigger the overflow, making it exploitable via common image upload and processing pipelines. Versions 7.1.2-13 and 6.9.13-38 fix the issue.

Action-Not Available
Vendor-ImageMagick Studio LLCRed Hat, Inc.
Product-imagemagickImageMagickRed Hat Enterprise Linux Server Optional (v. 7 ELS)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux 6
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-12876
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.99% / 85.67%
||
7 Day CHG~0.00%
Published-28 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-13142
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.81% / 75.98%
||
7 Day CHG~0.00%
Published-23 Aug, 2017 | 06:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2021-3610
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.72% / 84.23%
||
7 Day CHG~0.00%
Published-24 Feb, 2022 | 00:00
Updated-26 Jan, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault.

Action-Not Available
Vendor-n/aImageMagick Studio LLCFedora ProjectRed Hat, Inc.
Product-enterprise_linuximagemagickfedoraImageMagick
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-7535
Matching Score-6
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-6
Assigner-Debian GNU/Linux
CVSS Score-6.5||MEDIUM
EPSS-3.33% / 87.15%
||
7 Day CHG~0.00%
Published-20 Apr, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PSD file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-7531
Matching Score-6
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-6
Assigner-Debian GNU/Linux
CVSS Score-6.5||MEDIUM
EPSS-2.88% / 85.15%
||
7 Day CHG~0.00%
Published-19 Apr, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-8707
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-3.65% / 88.25%
||
7 Day CHG~0.00%
Published-23 Dec, 2016 | 22:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.

Action-Not Available
Vendor-n/aDebian GNU/LinuxImageMagick Studio LLC
Product-debian_linuximagemagickImageMagick 7.0.3-1
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found