CVSS: 5.3 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2026-28687 – ImageMagick has a Heap Use-After-Free in ImageMagick MSL decoder
https://notcve.org/view.php?id=CVE-2026-28687
09 Mar 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap use-after-free vulnerability in ImageMagick's MSL decoder allows an attacker to trigger access to freed memory by crafting an MSL file. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
• https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fpvf-frm6-625q
• CWE-416: Use After Free

CVSS: 6.8 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2026-28686 – ImageMagick has a write heap-buffer-overflow in PCL encoder via undersized output buffer
https://notcve.org/view.php?id=CVE-2026-28686
09 Mar 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap-buffer-overflow vulnerability exists in the PCL encoder due to an undersized output buffer allocation. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
• https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-467j-76j7-5885
• CWE-122: Heap-based Buffer Overflow; CWE-131: Incorrect Calculation of Buffer Size

CVSS: 7.1 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2026-28494 – ImageMagick affected by stack corruption through long morphology kernel names or arrays
https://notcve.org/view.php?id=CVE-2026-28494
09 Mar 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copied into fixed-size stack buffers via memcpy without bounds checking, resulting in stack corruption. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
• https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-932h-jw47-73jm
• CWE-121: Stack-based Buffer Overflow

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2026-28493 – ImageMagick has an Integer Overflow leading to out of bounds write in SIXEL decoder
https://notcve.org/view.php?id=CVE-2026-28493
09 Mar 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-16, an integer overflow vulnerability exists in the SIXEL decoder. The vulnerability allows an attacker to perform an out-of-bounds write via a specially crafted image. This vulnerability is fixed in 7.1.2-16.
• https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r39q-jr8h-gcq2
• CWE-190: Integer Overflow or Wraparound

CVSS: 4.4 | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2026-27799 – ImageMagick has a heap Buffer Over-read in its DJVU image format handler
https://notcve.org/view.php?id=CVE-2026-27799
25 Feb 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride (row size) for pixel buffer allocation. The stride calculation overflows a 32-bit signed integer, resulting in out-of-bounds memory reads. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
• https://github.com/ImageMagick/ImageMagick/commit/e87695b3227978ad70b967b8d054baaf8ac2cced
• CWE-122: Heap-based Buffer Overflow; CWE-126: Buffer Over-read

CVSS: 7.1 | EPSS: 0% | CPEs: 3 | EXPL: 0
CVE-2026-27798 – ImageMagick: Heap Buffer Over-read in WaveletDenoise when processing small images
https://notcve.org/view.php?id=CVE-2026-27798
25 Feb 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing an image with small dimensions using the `-wavelet-denoise` operator. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
• https://github.com/ImageMagick/ImageMagick/commit/0377e60b3c0d766bd7271221c95d9ee54f6a3738
• CWE-125: Out-of-bounds Read; CWE-126: Buffer Over-read

CVSS: 5.3 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2026-26983 – ImageMagick: Invalid MSL <map> can result in a use after free
https://notcve.org/view.php?id=CVE-2026-26983
24 Feb 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the MSL interpreter crashes when processing an invalid `

CVSS: 9.1 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2026-26284 – ImageMagick has heap overflow in pcd decoder that leads to out of bounds read.
https://notcve.org/view.php?id=CVE-2026-26284
24 Feb 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huffman-coded data from PCD (Photo CD) files. The decoder contains a function that has an incorrect initialization that could cause an out-of-bounds read. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
• https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wrhr-rf8j-r842
• CWE-122: Heap-based Buffer Overflow; CWE-125: Out-of-bounds Read; CWE-787: Out-of-bounds Write

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2026-26283 – ImageMagick has possible infinite loop in JPEG encoder when using `jpeg:extent`
https://notcve.org/view.php?id=CVE-2026-26283
24 Feb 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a `continue` statement in the JPEG extent binary search loop in the JPEG encoder causes an infinite loop when writing persistently fails. An attacker can trigger 100% CPU consumption and a process hang (Denial of Service) with a crafted image. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
• https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gwr3-x37h-h84v
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2026-26066 – ImageMagick has infinite loop when writing IPTCTEXT leads to denial of service via crafted profile
https://notcve.org/view.php?id=CVE-2026-26066
24 Feb 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile containing invalid IPTC data may cause an infinite loop when writing it with `IPTCTEXT`. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
• https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v994-63cg-9wj3
• CWE-400: Uncontrolled Resource Consumption; CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
