Filtered by vendor Imagemagick Subscriptions
Total 652 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-3718 6 Canonical, Imagemagick, Opensuse and 3 more 31 Ubuntu Linux, Imagemagick, Leap and 28 more 2025-07-28 5.5 Medium
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
CVE-2016-3715 6 Canonical, Imagemagick, Opensuse and 3 more 31 Ubuntu Linux, Imagemagick, Leap and 28 more 2025-07-28 5.5 Medium
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
CVE-2016-3714 6 Canonical, Debian, Imagemagick and 3 more 7 Ubuntu Linux, Debian Linux, Imagemagick and 4 more 2025-07-28 8.4 High
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
CVE-2025-53101 1 Imagemagick 1 Imagemagick 2025-07-15 7.4 High
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()`. Versions 7.1.2-0 and 6.9.13-26 fix the issue.
CVE-2025-53019 1 Imagemagick 1 Imagemagick 2025-07-15 3.7 Low
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename template causes a memory leak. Versions 7.1.2-0 and 6.9.13-26 fix the issue.
CVE-2025-53015 1 Imagemagick 1 Imagemagick 2025-07-15 7.5 High
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion command. Version 7.1.2-0 fixes the issue.
CVE-2025-53014 1 Imagemagick 1 Imagemagick 2025-07-15 3.7 Low
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs (`%%`). Versions 7.1.2-0 and 6.9.13-26 fix the issue.
CVE-2019-13454 5 Canonical, Debian, Imagemagick and 2 more 5 Ubuntu Linux, Debian Linux, Imagemagick and 2 more 2025-07-11 6.5 Medium
ImageMagick 7.0.1-0 to 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.
CVE-2022-28463 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2025-06-26 7.8 High
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
CVE-2025-46393 1 Imagemagick 1 Imagemagick 2025-04-29 2.9 Low
In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled (related to the rendering of all channels in an arbitrary order).
CVE-2025-43965 1 Imagemagick 1 Imagemagick 2025-04-29 2.9 Low
In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used.
CVE-2016-10052 1 Imagemagick 1 Imagemagick 2025-04-20 7.8 High
Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
CVE-2014-9804 1 Imagemagick 1 Imagemagick 2025-04-20 7.5 High
vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to "too many object."
CVE-2016-10053 1 Imagemagick 1 Imagemagick 2025-04-20 5.5 Medium
The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.
CVE-2016-10051 2 Imagemagick, Opensuse 2 Imagemagick, Leap 2025-04-20 7.8 High
Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
CVE-2016-10047 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file.
CVE-2014-9838 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash).
CVE-2016-10144 1 Imagemagick 1 Imagemagick 2025-04-20 9.8 Critical
coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check.
CVE-2016-10046 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
CVE-2016-10065 2 Imagemagick, Opensuse 2 Imagemagick, Leap 2025-04-20 N/A
The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.