Total CVEs

143,208

Critical Severity

4,054

High Severity

14,598

Last 7 Days

1,275
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1 - 20 of 138 CVEs

ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the FTXT encoder due to missing boundary checks when parsing ftxt:format. Remote attackers can trigger an out of bounds read by crafting malicious FTXT image files to cause denial of service or information disclosure.

Vendor: ImageMagick
Product: ImageMagick
Published: Jul 08, 2026
Source: NVD

ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex caused by OpenPixelCache updating image channel metadata before pixel cache memory allocation. Attackers can trigger memory and disk allocation failures to cause a heap-buffer-overflow read affecting any ...

Vendor: ImageMagick
Product: ImageMagick
Published: Jul 08, 2026
Source: NVD
CVE-2026-6382 CRITICAL - 9.1

The FileOrganizer WordPress plugin before 1.1.9, Advanced File Manager WordPress plugin before 5.4.12, File Manager Pro WordPress plugin before 2.1.1, File Manager WordPress plugin before 8.0.4 do not properly escape a parameter before passing it to a shell command when processing image operation...

Published: Jul 06, 2026
Source: NVD
CVE-2026-55628 MEDIUM - 5.5

In versions prior to 7.1.2-26he, the `-concatenate` operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has been fixed in version 7.1.2-26.

Vendor: ImageMagick
Product: ImageMagick
Published: Jul 01, 2026
Source: NVD
CVE-2026-55597 MEDIUM - 5.5

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-26, an incorrect handling of arguments can cause a heap buffer over-write in the JP2 encoder. This issue has been fixed in version7.1.2-26.

Vendor: imagemagick
Product: imagemagick
Published: Jul 01, 2026
Source: NVD
CVE-2026-55595 MEDIUM - 4.7

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when providing invalid arguments to the connected-components option an infinite loop will occur. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.

Vendor: imagemagick
Product: imagemagick
Published: Jul 01, 2026
Source: NVD
CVE-2026-55594 MEDIUM - 5.3

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a missing depth check in the MVG decoder will result in a stack overflow when a crafted image is provided. This issue has been fixed in versions 6.9.13-51 and 7.1....

Vendor: imagemagick
Product: imagemagick
Published: Jul 01, 2026
Source: NVD
CVE-2026-55577 MEDIUM - 5.9

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue has been fixed in versions...

Vendor: imagemagick
Product: imagemagick
Published: Jul 01, 2026
Source: NVD
CVE-2026-55510 MEDIUM - 5.5

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when identifying an image with a crafted 8BIM profile with a specific format string a use-after-free will occur. This issue has been fixed in versions 6.9.13-51 an...

Vendor: imagemagick
Product: imagemagick
Published: Jul 01, 2026
Source: NVD
CVE-2026-53467 MEDIUM - 5.3

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, the MNG decoder contains a possible heap information disclosure vulnerability because part of the pixels are left unchanged. This issue has been fixed in versions ...

Vendor: imagemagick
Product: imagemagick
Published: Jul 01, 2026
Source: NVD
CVE-2026-53466 MEDIUM - 6.5

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, an integer overflow in the XCF decoder can result in an out of bounds read when a crafted image is read, potentially resulting in a crash. This issue has been fixe...

Vendor: imagemagick
Product: imagemagick
Published: Jul 01, 2026
Source: NVD

ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path policy restrictions in sandboxed conversion services to write arbitrary files outside intended boundaries.

Vendor: ImageMagick
Product: ImageMagick
Published: Jun 30, 2026
Source: NVD

ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attackers can exploit nonce reuse in the cipher implementation to recover plaintext information from encrypted images.

Vendor: ImageMagick
Product: ImageMagick
Published: Jun 30, 2026
Source: NVD

ImageMagick before 7.1.2-19 contains a memory leak vulnerability in the PNG encoder when writing MNG images. Attackers can trigger the encoder failure condition to exhaust memory resources and cause denial of service.

Vendor: ImageMagick
Product: ImageMagick
Published: Jun 30, 2026
Source: NVD

ImageMagick before 7.1.2-13 contains a memory leak vulnerability in LoadOpenCLDeviceBenchmark() function when parsing malformed OpenCL device profile XML files with unclosed device elements. Attackers with write access to the OpenCL cache directory can place malicious XML files to exhaust memory and...

Vendor: ImageMagick
Product: ImageMagick
Published: Jun 30, 2026
Source: NVD

ImageMagick before 7.1.2-22 contains a division by zero vulnerability in binomial kernel processing that allows attackers to cause denial of service. An attacker can supply a large binomial kernel value causing integer overflow, resulting in division by zero and application crash.

Vendor: ImageMagick
Product: ImageMagick
Published: Jun 30, 2026
Source: NVD

ImageMagick before 7.1.2-19 contains an off-by-one error in morphology validation allowing out-of-bounds heap buffer reads. Attackers can trigger heap buffer overflow by providing incorrect morphology parameters causing single pixel memory access violations.

Vendor: ImageMagick
Product: ImageMagick
Published: Jun 30, 2026
Source: NVD

ImageMagick before 7.1.2-19 contains an out-of-bounds access vulnerability in ConnectedComponentsImage() when processing connected-components artifacts with invalid indices. Attackers can trigger access violations by specifying malformed connected-components definitions via CLI, causing denial of se...

Vendor: ImageMagick
Product: ImageMagick
Published: Jun 24, 2026
Source: NVD

ImageMagick before 7.1.2-15 contains a memory leak vulnerability in multiple coders that write raw pixel data where allocated objects are not properly freed. Attackers can trigger this leak by processing specially crafted images, causing memory exhaustion and denial of service.

Vendor: ImageMagick
Product: ImageMagick
Published: Jun 24, 2026
Source: NVD

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbitrary MVG drawing commands. Attackers can craft malicious SVG files with injected Magick Vector Graphics commands that execute during rendering.

Vendor: ImageMagick
Product: ImageMagick
Published: Jun 23, 2026
Source: NVD