Total CVEs

143,208

Critical Severity

4,054

High Severity

14,598

Last 7 Days

1,280
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 21 - 40 of 138 CVEs

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-free in the meta coder: when memory allocation fails, a single byte is written to a stale pointer. Remote attackers can trigger it by processing specially crafted image files, causing a denial of service.

Vendor: ImageMagick
Product: ImageMagick
Published: Jun 23, 2026
Source: NVD

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is processed.

Vendor: ImageMagick
Product: ImageMagick
Published: Jun 23, 2026
Source: NVD

ImageMagick before 7.1.2-15 (and 6.x before 6.9.13-40) contains a heap out-of-bounds read in the PCD coder's DecodeImage loop. A crafted PCD file can trigger a one-byte heap out-of-bounds read during image decoding, resulting in denial of service and potential disclosure of an adjacent heap byt...

Vendor: ImageMagick
Product: ImageMagick
Published: Jun 21, 2026
Source: NVD

ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB (PSD v2) RLE decoding path (ReadPSDChannelRLE in coders/psd.c) that causes a heap out-of-bounds read on 32-bit builds. Processing a crafted PSB file can lead to information disclosure or a crash.

Vendor: ImageMagick
Product: ImageMagick
Published: Jun 21, 2026
Source: NVD
CVE-2026-48997 HIGH - 7.1

e107 is a content management system (CMS). Versions 2.3.5 and earlier contain a command injection vulnerability in the ImageMagick resize destination path. In resize_image(), the source path is escaped with escapeshellarg(), but the destination path is inserted inside raw double quotes in the conve...

Vendor: e107inc
Product: e107
Published: Jun 17, 2026
Source: NVD
CVE-2026-53465 MEDIUM - 6.2

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, a crafted multi-frame can result in a heap buffer over-write when encoding it with the SF3 encoder. This issue has been patched in version 7.1.2-25.

Vendor: ImageMagick
Product: ImageMagick
Published: Jun 10, 2026
Source: NVD
CVE-2026-53464 MEDIUM - 4.0

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, when providing invalid options to the wand option parser a small memory leak will occur. This issue has been patched in version 7.1.2-25.

Vendor: ImageMagick
Product: ImageMagick
Published: Jun 10, 2026
Source: NVD
CVE-2026-53463 MEDIUM - 4.3

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when passing incorrect arguments in the distort operation a null pointer deference will occur. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.

Vendor: ImageMagick
Product: ImageMagick
Published: Jun 10, 2026
Source: NVD
CVE-2026-53462 MEDIUM - 5.9

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when an allocation fails in CheckPrimitiveExtent this can result in a heap-use-after-free and result in a crash. This issue has been patched in versions 6.9.13-50 ...

Vendor: ImageMagick
Product: ImageMagick
Published: Jun 10, 2026
Source: NVD
CVE-2026-53461 HIGH - 7.5

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, an incorrect loop in the ICON decoder can result in an out of bounds heap write resulting in a crash. This issue has been patched in versions 6.9.13-50 and 7.1.2-2...

Vendor: ImageMagick
Product: ImageMagick
Published: Jun 10, 2026
Source: NVD
CVE-2026-53460 HIGH - 7.5

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, a missing check for maximum memory request in AcquireAlignedMemory could trigger an out-of-Memory condition. This issue has been patched in versions 6.9.13-50 and ...

Vendor: ImageMagick
Product: ImageMagick
Published: Jun 10, 2026
Source: NVD
CVE-2026-49219 MEDIUM - 5.5

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, an incorrect parsing of the filename can result in a policy bypass and read files disallowed by a security policy using a symlink. This issue has been patched in v...

Vendor: ImageMagick
Product: ImageMagick
Published: Jun 10, 2026
Source: NVD
CVE-2026-49218 HIGH - 7.5

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check in the DCM decoder could result in an image with invalid dimensions and that could cause crashes in other operation. This issue has been patched in...

Vendor: ImageMagick
Product: ImageMagick
Published: Jun 10, 2026
Source: NVD
CVE-2026-48994 MEDIUM - 5.9

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check of a return value could lead to a heap buffer over-write in the MAT decoder on 32-bit systems. This issue has been patched in versions 6.9.13-48 an...

Vendor: ImageMagick
Product: ImageMagick
Published: Jun 10, 2026
Source: NVD
CVE-2026-48734 MEDIUM - 5.5

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, a crafted MVG file could result in a stack overflow due to a missing depth or visited-set check. This issue has been patched in versions 6.9.13-49 and 7.1.2-24.

Vendor: ImageMagick
Product: ImageMagick
Published: Jun 10, 2026
Source: NVD
CVE-2026-48733 MEDIUM - 4.7

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, an infinite loop in the subimage-search operation can happen when using a crafted image. This issue has been patched in versions 6.9.13-49 and 7.1.2-24.

Vendor: ImageMagick
Product: ImageMagick
Published: Jun 10, 2026
Source: NVD
CVE-2026-48724 MEDIUM - 5.5

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-24, when using an image with mask the Floyd-Steinberg dithering method it will cause a negative heap buffer over-write. This issue has been patched in version 7.1.2-24.

Vendor: ImageMagick
Product: ImageMagick
Published: Jun 10, 2026
Source: NVD
CVE-2026-47166 MEDIUM - 5.7

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the server process. This issue has been patched in versions ...

Vendor: nuget
Product: Magick.NET-Q16-AnyCPU
Published: May 22, 2026
Source: GitHub
CVE-2026-47165 MEDIUM - 4.1

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, the distributed pixel cache was originally designed to operate without a challenge–response authentication model. This has been changed in versions 6.9.13-48 and 7...

Vendor: nuget
Product: Magick.NET-Q16-AnyCPU
Published: May 22, 2026
Source: GitHub
CVE-2026-46693 MEDIUM - 4.1

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race condition is met. This issue has b...

Vendor: nuget
Product: Magick.NET-Q16-AnyCPU
Published: May 22, 2026
Source: GitHub