ImageMagick — Vulnerabilities & Security Advisories 98

Browse all 98 CVE security advisories affecting ImageMagick. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ImageMagick is a widely used open-source software suite for creating, editing, and composing bitmap images, serving as a foundational backend for numerous web applications and content management systems. Its extensive feature set and default configuration have historically introduced significant security risks, resulting in nearly one hundred recorded Common Vulnerabilities and Exposures. The most prevalent issues involve Remote Code Execution (RCE) and Denial of Service (DoS), often triggered by maliciously crafted image files that exploit buffer overflows or unsafe command-line argument parsing. While Cross-Site Scripting (XSS) and privilege escalation vulnerabilities have also been documented, RCE remains the primary threat vector due to the tool’s ability to process complex image formats. Major incidents, such as the "ImageTragick" vulnerability, highlighted critical flaws in how the software handles input, prompting widespread adoption of stricter security policies and configuration hardening across the industry to mitigate these inherent risks.

Top products by ImageMagick: ImageMagick
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-25794 | ImageMagick has heap-buffer-overflow via signed integer overflow in `WriteUHDRImage` when writing UHDR images with large dimensions | ImageMagick | CWE-122 | 8.2 | High | 2026-02-24 |
| CVE-2026-25638 | ImageMagick has memory leak in msl encoder | ImageMagick | CWE-401 | 5.3 | Medium | 2026-02-24 |
| CVE-2026-25637 | ImageMagick: Possible memory leak in ASHLAR encoder | ImageMagick | CWE-401 | 5.3 | Medium | 2026-02-24 |
| CVE-2026-25576 | ImageMagick: Out of bounds read in multiple coders read raw pixel data | ImageMagick | CWE-122 | 5.1 | Medium | 2026-02-24 |
| CVE-2026-24485 | ImageMagick: Infinite loop vulnerability when parsing a PCD file | ImageMagick | CWE-400 | 7.5 | High | 2026-02-24 |
| CVE-2026-24484 | ImageMagick: Converting multi-layer nested MVG to SVG can cause DoS | ImageMagick | CWE-400 | 5.3 | Medium | 2026-02-24 |
| CVE-2026-24481 | ImageMagick has Possible Heap Information Disclosure in PSD ZIP Decompression | ImageMagick | CWE-125 | 7.5 | High | 2026-02-24 |
| CVE-2026-23952 | ImageMagick has a NULL pointer dereference in MSL parser via `<comment>` tag before image load | ImageMagick | CWE-476 | 6.5 | Medium | 2026-01-22 |
| CVE-2026-23876 | Heap buffer overflow with attacker-controlled data in XBM parser | ImageMagick | CWE-122 | 8.1 | High | 2026-01-20 |
| CVE-2026-23874 | ImageMagick's MSL: Stack overflow via infinite recursion in ProcessMSLScript | ImageMagick | CWE-835 | 5.5 | Medium | 2026-01-20 |
| CVE-2026-22770 | ImageMagick vulnerable to Release of Invalid Pointer in BilateralBlur when memory allocation fails | ImageMagick | CWE-763 | 6.5 | Medium | 2026-01-20 |
| CVE-2025-69204 | ImageMagick converting a malicious MVG file to SVG caused an integer overflow. | ImageMagick | CWE-190 | 5.3 | Medium | 2025-12-30 |
| CVE-2025-68950 | Magick's failure to limit MVG mutual references forming a loop | ImageMagick | CWE-674 | 4.0 | Medium | 2025-12-30 |
| CVE-2025-68618 | Magick's failure to limit the depth of SVG file reads caused a DoS attack. | ImageMagick | CWE-674 | 5.3 | Medium | 2025-12-30 |
| CVE-2025-68469 | ImageMagick vulnerable to heap-buffer-overflow | ImageMagick | CWE-122 | 6.5 (AI) | Medium (AI) | 2025-12-18 |
| CVE-2025-66628 | ImageMagick is vulnerable to an Integer Overflow in TIM decoder leading to out of bounds read (32-bit only) | ImageMagick | CWE-125 | 7.5 | High | 2025-12-10 |
| CVE-2025-65955 | ImageMagick has a use-after-free/double-free risk in Options::fontFamily when clearing family | ImageMagick | CWE-415 | 4.9 | Medium | 2025-12-02 |
| CVE-2025-62594 | ImageMagick CLAHE : Unsigned underflow and division-by-zero lead to OOB pointer arithmetic and process crash (DoS) | ImageMagick | CWE-119 | 4.7 | Medium | 2025-10-27 |
| CVE-2025-62171 | ImageMagick vulnerable to denial of service via integer overflow in BMP decoder on 32-bit systems | ImageMagick | CWE-190 | 5.9 | Medium | 2025-10-17 |
| CVE-2025-57807 | ImageMagick BlobStream Forward-Seek Under-Allocation | ImageMagick | CWE-787 | 3.8 | Low | 2025-09-05 |
| CVE-2025-57803 | ImageMagick (WriteBMPImage): 32-bit integer overflow when writing BMP scanline stride → heap buffer overflow | ImageMagick | CWE-122 | 7.5 | High | 2025-08-26 |
| CVE-2025-55298 | ImageMagick Format String Bug in InterpretImageFilename leads to arbitrary code execution | ImageMagick | CWE-123 | 7.5 | High | 2025-08-26 |
| CVE-2025-55212 | ImageMagick affected by divide-by-zero in ThumbnailImage via montage -geometry ":" leads to crash | ImageMagick | CWE-369 | 3.7 | Low | 2025-08-26 |
| CVE-2025-55160 | ImageMagick Undefined Behavior (function-type-mismatch) in CloneSplayTree | ImageMagick | CWE-758 | 6.1 | Medium | 2025-08-13 |
| CVE-2025-55154 | ImageMagick: integer overflows in MNG magnification | ImageMagick | CWE-190 | 8.8 | High | 2025-08-13 |
| CVE-2025-55005 | ImageMagick: heap-buffer overflow in log colorspace handling | ImageMagick | CWE-122 | 5.5 | Medium | 2025-08-13 |
| CVE-2025-55004 | ImageMagick: heap-buffer overflow read in MNG magnification with alpha | ImageMagick | CWE-122 | 7.6 | High | 2025-08-13 |
| CVE-2025-53101 | ImageMagick has Stack Buffer Overflow in image.c | ImageMagick | CWE-124 | 7.4 | High | 2025-07-14 |
| CVE-2025-53019 | ImageMagick has Memory Leak in magick stream | ImageMagick | CWE-125 | 3.7 | Low | 2025-07-14 |
| CVE-2025-53015 | ImageMagick has XMP profile write that triggers hang due to unbounded loop | ImageMagick | CWE-835 | 7.5 | High | 2025-07-14 |

This page lists every published CVE security advisory associated with ImageMagick. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.