Total CVEs

143,226

Critical Severity

4,056

High Severity

14,605

Last 7 Days

1,268
Quick preset (or use dates below)
Clear Filters
Showing 121 - 140 of 173 CVEs
CVE-2026-25797 MEDIUM - 5.7

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, fails to sanitize the input before writing it into the PostScript header. An attacker can provide a malic...

Vendor: ImageMagick
Product: ImageMagick
Published: Feb 24, 2026
Source: NVD
CVE-2026-25796 MEDIUM - 5.3

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` Image object is not freed on three early-return paths, resulting in a definite memory leak (~13.5KB+ ...

Vendor: ImageMagick
Product: ImageMagick
Published: Feb 24, 2026
Source: NVD
CVE-2026-25795 MEDIUM - 5.3

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()` (`coders/sfw.c`), when temporary file creation fails, `read_info` is destroyed before its `filename` member is accessed, causing a NULL pointer...

Vendor: ImageMagick
Product: ImageMagick
Published: Feb 24, 2026
Source: NVD
CVE-2026-25794 HIGH - 8.2

ImageMagick is free and open-source software used for editing and manipulating digital images. `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are large, the multiplication overflows 32-bit `int`, causing an...

Vendor: ImageMagick
Product: ImageMagick
Published: Feb 24, 2026
Source: NVD
CVE-2026-25638 MEDIUM - 5.3

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, memory leak exists in `coders/msl.c`. In the `WriteMSLImage` function of the `msl.c` file, resources are allocated. But the function returns early without releasin...

Vendor: ImageMagick
Product: ImageMagick
Published: Feb 24, 2026
Source: NVD
CVE-2026-25637 MEDIUM - 5.3

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak in the ASHLAR image writer allows an attacker to exhaust process memory by providing a crafted image that results in small objects that are allocated but never free...

Vendor: ImageMagick
Product: ImageMagick
Published: Feb 24, 2026
Source: NVD
CVE-2026-25576 MEDIUM - 5.1

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in multiple raw image format handles. The vulnerability occurs when processing images with -extract dimensions larger ...

Vendor: ImageMagick
Product: ImageMagick
Published: Feb 24, 2026
Source: NVD
CVE-2026-24485 HIGH - 7.5

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the Sync marker, causing t...

Vendor: ImageMagick
Product: ImageMagick
Published: Feb 24, 2026
Source: NVD
CVE-2026-24484 MEDIUM - 5.3

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

Vendor: ImageMagick
Product: ImageMagick
Published: Feb 24, 2026
Source: NVD
CVE-2026-24481 HIGH - 7.5

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap information disclosure vulnerability exists in ImageMagick's PSD (Adobe Photoshop) format handler. When processing a maliciously crafted PSD file conta...

Vendor: ImageMagick
Product: ImageMagick
Published: Feb 24, 2026
Source: NVD

ImageMagick: Integer Overflow in PSB (PSD v2) RLE decoding path causes heap Out of Bounds reads for 32-bit builds

Vendor: nuget
Product: Magick.NET-Q16-AnyCPU
Published: Feb 23, 2026
Source: NVD
CVE-2026-26046 HIGH - 7.2

A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted setting value entered by an administrator could r...

Vendor: moodle
Product: moodle
Published: Feb 21, 2026
Source: NVD

# Active Storage allowed transformation methods potentially unsafe Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allow for the circumvention of the safe defaults which e...

Vendor: Rails
Product: activestorage
Published: Jan 30, 2026
Source: NVD
CVE-2026-23952 MEDIUM - 6.5

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing <comment> tags before images are loaded. This can lead to DoS at...

Vendor: nuget
Product: Magick.NET-Q8-x64
Published: Jan 21, 2026
Source: GitHub
CVE-2026-23874 MEDIUM - 5.5

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a stack overflow via infinite recursion in MSL (Magick Scripting Language) `<write>` command when writing to MSL format. Version 7.1.2-13 fixes the issue.

Vendor: nuget
Product: Magick.NET-Q8-x64
Published: Jan 21, 2026
Source: GitHub
CVE-2026-22770 MEDIUM - 6.5

ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the last element in the set is not properly initialized. This will result...

Vendor: nuget
Product: Magick.NET-Q8-x64
Published: Jan 20, 2026
Source: GitHub
CVE-2026-23876 HIGH - 8.1

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder (ReadXBMImage) allows an attacker to write controlled data past the allocated heap buffer when proces...

Vendor: ImageMagick
Product: ImageMagick
Published: Jan 20, 2026
Source: NVD
CVE-2026-22600 CRITICAL - 9.1

OpenProject is an open-source, web-based project management software. A Local File Read (LFR) vulnerability exists in the work package PDF export functionality of OpenProject prior to version 16.6.4. By uploading a specially crafted SVG file (disguised as a PNG) as a work package attachment, an atta...

Vendor: openproject
Product: openproject
Published: Jan 10, 2026
Source: NVD
CVE-2025-69204 HIGH - 7.5

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, in the WriteSVGImage function, using an int variable to store number_attributes caused an integer overflow. This, in turn, triggered a buffer overflow and caused a DoS attack. Ve...

Vendor: imagemagick
Product: imagemagick
Published: Dec 30, 2025
Source: NVD
CVE-2025-68950 MEDIUM - 6.2

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, Magick fails to check for circular references between two MVGs, leading to a stack overflow. This is a DoS vulnerability, and any situation that allows reading the mvg file will ...

Vendor: imagemagick
Product: imagemagick
Published: Dec 30, 2025
Source: NVD