
ImageMagick — Vulnerabilities & Security Advisories (98)

Browse all 98 CVE security advisories affecting ImageMagick. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ImageMagick is a widely used open-source software suite for creating, editing, and composing bitmap images, serving as a foundational backend for numerous web applications and content management systems. Its extensive feature set and default configuration have historically introduced significant security risks, resulting in nearly one hundred recorded Common Vulnerabilities and Exposures. The most prevalent issues involve Remote Code Execution (RCE) and Denial of Service (DoS), often triggered by maliciously crafted image files that exploit buffer overflows or unsafe command-line argument parsing. While Cross-Site Scripting (XSS) and privilege escalation vulnerabilities have also been documented, RCE remains the primary threat vector due to the tool’s ability to process complex image formats. Major incidents, such as the "ImageTragick" vulnerability, highlighted critical flaws in how the software handles input, prompting widespread adoption of stricter security policies and configuration hardening across the industry to mitigate these inherent risks.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-28686 | ImageMagick has a write heap-buffer-overflow in PCL encoder via undersized output buffer | ImageMagick | CWE-122 | 6.8 | Medium | 2026-03-09 |
| CVE-2026-28494 | ImageMagick affected by stack corruption through long morphology kernel names or arrays | ImageMagick | CWE-121 | 7.1 | High | 2026-03-09 |
| CVE-2026-28493 | ImageMagick has a Integer Overflow leading to out of bounds write in SIXEL decoder | ImageMagick | CWE-190 | 6.5 | Medium | 2026-03-09 |
| CVE-2026-27799 | ImageMagick has a heap Buffer Over-read in its DJVU image format handler | ImageMagick | CWE-122 | 4.0 | Medium | 2026-02-25 |
| CVE-2026-27798 | ImageMagick: Heap Buffer Over-read in WaveletDenoise when processing small images | ImageMagick | CWE-125 | 4.0 | Medium | 2026-02-25 |
| CVE-2026-26983 | ImageMagick: Invalid MSL <map> can result in a use after free | ImageMagick | CWE-476 | 5.3 | Medium | 2026-02-24 |
| CVE-2026-26284 | ImageMagick has heap overflow in pcd decoder that leads to out of bounds read. | ImageMagick | CWE-122 | 6.5 | Medium | 2026-02-24 |
| CVE-2026-26283 | ImageMagick has possible infinite loop in JPEG encoder when using `jpeg:extent` | ImageMagick | CWE-835 | 6.2 | Medium | 2026-02-24 |
| CVE-2026-26066 | ImageMagick has infinite loop when writing IPTCTEXT leads to denial of service via crafted profile | ImageMagick | CWE-400 | 6.2 | Medium | 2026-02-24 |
| CVE-2026-25989 | ImageMagick has integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG decoder | ImageMagick | CWE-190 | 7.5 | High | 2026-02-24 |
| CVE-2026-25988 | ImageMagick's MSL image stack index not refreshed, leading to leaked images. | ImageMagick | CWE-401 | 5.3 | Medium | 2026-02-24 |
| CVE-2026-25987 | ImageMagick has heap buffer over-read in MAP image decoder | ImageMagick | CWE-125 | 5.3 | Medium | 2026-02-24 |
| CVE-2026-25986 | ImageMagick has a heap buffer overflow in YUV 4:2:2 decoder | ImageMagick | CWE-787 | 5.3 | Medium | 2026-02-24 |
| CVE-2026-25985 | Memory allocation with excessive without limits in the internal SVG decoder | ImageMagick | CWE-770 | 7.5 | High | 2026-02-24 |
| CVE-2026-25983 | ImageMagick has Use After Free in MSLStartElement in "coders/msl.c" | ImageMagick | CWE-416 | 5.3 | Medium | 2026-02-24 |
| CVE-2026-25982 | ImageMagick Has Heap Out-of-Bounds Read in DCM Decoder (ReadDCMImage) | ImageMagick | CWE-125 | 6.5 | Medium | 2026-02-24 |
| CVE-2026-25971 | ImageMagick's MSL: Stack overflow in ProcessMSLScript | ImageMagick | CWE-674 | 6.2 | Medium | 2026-02-24 |
| CVE-2026-25970 | ImageMagick SIXEL Decoder Has Signed Integer Overflow, Leading to Memory Corruption | ImageMagick | CWE-190 | 5.3 | Medium | 2026-02-24 |
| CVE-2026-25969 | ImageMagick has Memory Leak in coders/ashlar.c | ImageMagick | CWE-401 | 5.3 | Medium | 2026-02-24 |
| CVE-2026-25968 | ImageMagick has MSL attribute stack buffer overflow that leads to out of bounds write. | ImageMagick | CWE-121 | 7.4 | High | 2026-02-24 |
| CVE-2026-25967 | ImageMagick has stack buffer overflow in FTXT reader via oversized integer field | ImageMagick | CWE-121 | 7.4 | High | 2026-02-24 |
| CVE-2026-25966 | ImageMagick's Security Policy Bypass through config/policy-secure.xml via "fd handler" leads to stdin/stdout access | ImageMagick | CWE-284 | 5.9 | Medium | 2026-02-24 |
| CVE-2026-25965 | ImageMagick's policy bypass through path traversal allows reading restricted content despite secured policy | ImageMagick | CWE-22 | 8.6 | High | 2026-02-24 |
| CVE-2026-25898 | Imagemagick Has Global Buffer Overflow (OOB Read) via Negative Pixel Index in UIL and XPM Writer | ImageMagick | CWE-125 | 6.5 | Medium | 2026-02-24 |
| CVE-2026-25897 | ImageMagick has heap overflow in sun decoder on 32-bit systems that can result in out of bounds write | ImageMagick | CWE-122 | 6.5 | Medium | 2026-02-24 |
| CVE-2026-25799 | ImageMagick has Division-by-Zero in YUV sampling factor validation, which leads to crash | ImageMagick | CWE-369 | 5.3 | Medium | 2026-02-24 |
| CVE-2026-25798 | ImageMagick has NULL Pointer Dereference in ClonePixelCacheRepository via crafted image | ImageMagick | CWE-476 | 5.3 | Medium | 2026-02-24 |
| CVE-2026-25797 | ImageMagick vulnerable to Code injection via PostScript header in ps coders | ImageMagick | CWE-94 | 5.7 | Medium | 2026-02-24 |
| CVE-2026-25796 | ImageMagick has memory leak of watermark Image object in ReadSTEGANOImage on multiple error/early-return paths | ImageMagick | CWE-401 | 5.3 | Medium | 2026-02-24 |
| CVE-2026-25795 | ImageMagick has NULL pointer dereference in ReadSFWImage after DestroyImageInfo (sfw.c) | ImageMagick | CWE-476 | 5.3 | Medium | 2026-02-24 |

This page lists every published CVE security advisory associated with ImageMagick. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.