ImageMagick — Vulnerabilities & Security Advisories (98)

Browse all 98 CVE security advisories affecting ImageMagick. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ImageMagick is a widely used open-source software suite for creating, editing, and composing bitmap images, serving as a foundational backend for numerous web applications and content management systems. Its extensive feature set and default configuration have historically introduced significant security risks, resulting in nearly one hundred recorded Common Vulnerabilities and Exposures. The most prevalent issues involve Remote Code Execution (RCE) and Denial of Service (DoS), often triggered by maliciously crafted image files that exploit buffer overflows or unsafe command-line argument parsing. While Cross-Site Scripting (XSS) and privilege escalation vulnerabilities have also been documented, RCE remains the primary threat vector due to the tool’s ability to process complex image formats. Major incidents, such as the "ImageTragick" vulnerability, highlighted critical flaws in how the software handles input, prompting widespread adoption of stricter security policies and configuration hardening across the industry to mitigate these inherent risks.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-40312 | ImageMagick: Off-by-One in MSL decoder could result in crash | ImageMagick | CWE-193 | 6.2 | Medium | 2026-04-13 |
| CVE-2026-40311 | ImageMagick: Heap-use-after-free via XMP profile could result in a crash when printing values | ImageMagick | CWE-416 | 5.5 | Medium | 2026-04-13 |
| CVE-2026-40310 | ImageMagick: Heap out-of-bounds write in JP2 encoder | ImageMagick | CWE-122 | 5.5 | Medium | 2026-04-13 |
| CVE-2026-40183 | ImageMagick: Heap buffer overflow when encoding JXL image with a 16-bit float | ImageMagick | CWE-122 | 5.5 | Medium | 2026-04-13 |
| CVE-2026-40169 | ImageMagick: Heap buffer overflow (WRITE) in the YAML and JSON encoders | ImageMagick | CWE-122 | 6.2 | Medium | 2026-04-13 |
| CVE-2026-34238 | ImageMagick: Integer overflow in despeckle operation causes heap buffer overflow on 32-bit builds | ImageMagick | CWE-190 | 5.1 | Medium | 2026-04-13 |
| CVE-2026-33908 | ImageMagick is vulnerable to Stack Overflow in DestroyXMLTree() | ImageMagick | CWE-674 | 7.5 | High | 2026-04-13 |
| CVE-2026-33905 | ImageMagick has an Out-of-Bounds read via -sample operation | ImageMagick | CWE-125 | 5.5 | Medium | 2026-04-13 |
| CVE-2026-33902 | ImageMagick: Stack Overflow via Recursive FX Expression Parsing | ImageMagick | CWE-674 | 5.5 | Medium | 2026-04-13 |
| CVE-2026-33901 | ImageMagick has a Heap Buffer Overflow via MVG decoder | ImageMagick | CWE-122 | 7.5 | High | 2026-04-13 |
| CVE-2026-33900 | ImageMagick has a Heap overflow caused by integer overflow/wraparound in viff encoder on 32-bit builds | ImageMagick | CWE-190 | 5.9 | Medium | 2026-04-13 |
| CVE-2026-33899 | ImageMagick: Heap BufferOverflow write of single zero byte when parsing XML | ImageMagick | CWE-122 | 5.3 | Medium | 2026-04-13 |
| CVE-2026-33536 | ImageMagick has an Out-of-bounds Write via InterpretImageFilename | ImageMagick | CWE-787 | 5.1 | Medium | 2026-03-26 |
| CVE-2026-33535 | ImageMagick has an Out-of-Bounds write of a zero byte in its X11 display interaction | ImageMagick | CWE-787 | 4.0 | Medium | 2026-03-26 |
| CVE-2026-32636 | ImageMagick has a heap-buffer-overflow in NewXMLTree which could result in crash | ImageMagick | CWE-787 | 5.3 | Medium | 2026-03-18 |
| CVE-2026-32259 | ImageMagick has a possible stack buffer overflow in sixel encoder | ImageMagick | CWE-121 | 6.7 | Medium | 2026-03-12 |
| CVE-2026-31853 | ImageMagick has a heap buffer over-write on 32-bit systems in SFW decoder | ImageMagick | CWE-122 | 5.7 | Medium | 2026-03-11 |
| CVE-2026-30937 | ImageMagick has a heap buffer overflow in WriteXWDImage due to CARD32 arithmetic overflow in bytes_per_line calculation | ImageMagick | CWE-122 | 6.8 | Medium | 2026-03-09 |
| CVE-2026-30936 | ImageMagick has a heap Buffer Overflow in WaveletDenoiseImage | ImageMagick | CWE-122 | 5.5 | Medium | 2026-03-09 |
| CVE-2026-30935 | ImageMagick has a heap Buffer Over-Read in BilateralBlurImage | ImageMagick | CWE-125 | 4.4 | Medium | 2026-03-09 |
| CVE-2026-30931 | ImageMagick has a heap-based buffer overflow in UHDR encoder | ImageMagick | CWE-122 | 6.8 | Medium | 2026-03-09 |
| CVE-2026-30929 | ImageMagick has a stack buffer overflow in MagnifyImage | ImageMagick | CWE-121 | 7.7 | High | 2026-03-09 |
| CVE-2026-30883 | ImageMagick has a Heap Overflow when writing extremely large image profile in the PNG encoder | ImageMagick | CWE-119 | 5.7 | Medium | 2026-03-09 |
| CVE-2026-28693 | ImageMagick has an integer overflow in DIB coder can result in out of bounds read or write | ImageMagick | CWE-125 | 8.1 | High | 2026-03-09 |
| CVE-2026-28692 | ImageMagick has a heap buffer over-read via 32-bit integer overflow in MAT decoder | ImageMagick | CWE-125 | 4.8 | Medium | 2026-03-09 |
| CVE-2026-28691 | ImageMagick has an uninitialized pointer dereference in JBIG decoder | ImageMagick | CWE-252 | 7.5 | High | 2026-03-09 |
| CVE-2026-28690 | ImageMagick has a stack write buffer overflow in MNG encoder | ImageMagick | CWE-121 | 6.9 | Medium | 2026-03-09 |
| CVE-2026-28689 | ImageMagick has a Path Policy TOCTOU symlink race bypass | ImageMagick | CWE-59 | 6.3 | Medium | 2026-03-09 |
| CVE-2026-28688 | ImageMagick has a heap use-after-free in the MSL encoder | ImageMagick | CWE-416 | 4.0 | Medium | 2026-03-09 |
| CVE-2026-28687 | ImageMagick has a Heap Use-After-Free in ImageMagick MSL decoder | ImageMagick | CWE-416 | 5.3 | Medium | 2026-03-09 |

This page lists every published CVE security advisory associated with ImageMagick. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.