Search Results (789 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-0762 2 Imagemagick, Redhat 2 Imagemagick, Enterprise Linux 2026-04-16 N/A
Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 allows remote attackers to execute arbitrary code via a crafted SGI image file.
CVE-2003-0455 2 Imagemagick, Redhat 2 Libmagick Library, Enterprise Linux 2026-04-16 N/A
The imagemagick libmagick library 5.5 and earlier creates temporary files insecurely, which allows local users to create or overwrite arbitrary files.
CVE-2005-0761 3 Imagemagick, Redhat, Sgi 3 Imagemagick, Enterprise Linux, Propack 2026-04-16 N/A
Unknown vulnerability in ImageMagick before 6.1.8 allows remote attackers to cause a denial of service (application crash) via a crafted PSD file.
CVE-2004-0981 5 Debian, Gentoo, Imagemagick and 2 more 5 Debian Linux, Linux, Imagemagick and 2 more 2026-04-16 N/A
Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.
CVE-2005-1739 3 Graphicsmagick, Imagemagick, Redhat 3 Graphicsmagick, Imagemagick, Enterprise Linux 2026-04-16 N/A
The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask.
CVE-2006-3744 2 Imagemagick, Redhat 2 Imagemagick, Enterprise Linux 2026-04-16 N/A
Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows.
CVE-2005-4601 2 Imagemagick, Redhat 2 Imagemagick, Enterprise Linux 2026-04-16 N/A
The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command.
CVE-2006-3743 2 Imagemagick, Redhat 2 Imagemagick, Enterprise Linux 2026-04-16 N/A
Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images.
CVE-2006-4144 2 Imagemagick, Redhat 2 Imagemagick, Enterprise Linux 2026-04-16 N/A
Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow.
CVE-2006-2440 2 Imagemagick, Redhat 2 Imagemagick, Enterprise Linux 2026-04-16 N/A
Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function.
CVE-2003-0555 1 Imagemagick 1 Imagemagick 2026-04-16 N/A
ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a "%x" filename, possibly triggering a format string vulnerability.
CVE-2026-33535 1 Imagemagick 1 Imagemagick 2026-04-03 4 Medium
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, an out-of-bounds write of a zero byte exists in the X11 `display` interaction path that could lead to a crash. Versions 7.1.2-18 and 6.9.13-43 patch the issue.
CVE-2026-33536 1 Imagemagick 1 Imagemagick 2026-04-03 5.1 Medium
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, due to an incorrect return value on certain platforms a pointer is incremented past the end of a buffer that is on the stack and that could result in an out of bounds write. Versions 7.1.2-18 and 6.9.13-43 patch the issue.
CVE-2026-32636 1 Imagemagick 1 Imagemagick 2026-03-25 5.3 Medium
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-17 and 6.9.13-42, the NewXMLTree method contains a bug that could result in a crash due to an out of write bounds of a single zero byte. Versions 7.1.2-17 and 6.9.13-42 fix the issue.
CVE-2026-32259 1 Imagemagick 1 Imagemagick 2026-03-23 6.7 Medium
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, when a memory allocation fails in the sixel encoder it would be possible to write past the end of a buffer on the stack. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
CVE-2026-31853 1 Imagemagick 1 Imagemagick 2026-03-20 5.7 Medium
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, an overflow on 32-bit systems can cause a crash in the SFW decoder when processing extremely large images. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
CVE-2022-2719 2 Fedoraproject, Imagemagick 3 Extra Packages For Enterprise Linux, Fedora, Imagemagick 2026-03-06 5.5 Medium
In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30.
CVE-2023-34153 3 Fedoraproject, Imagemagick, Redhat 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more 2026-02-27 7.8 High
A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.
CVE-2025-57803 1 Imagemagick 1 Imagemagick 2026-02-26 7.5 High
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2 for ImageMagick's 32-bit build, a 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses bytes_per_line (stride) to a tiny value while the per-row writer still emits 3 × width bytes for 24-bpp images. The row base pointer advances using the (overflowed) stride, so the first row immediately writes past its slot and into adjacent heap memory with attacker-controlled bytes. This is a classic, powerful primitive for heap corruption in common auto-convert pipelines. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.
CVE-2021-3610 3 Fedoraproject, Imagemagick, Redhat 3 Fedora, Imagemagick, Enterprise Linux 2026-01-26 7.5 High
A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault.