CVSS: 10.0 | EPSS: 0% | CPEs: 2 | EXPL: 0 | CVE-2026-23876 – Heap buffer overflow with attacker-controlled data in XBM parser
https://notcve.org/view.php?id=CVE-2026-23876
20 Jan 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder (ReadXBMImage) allows an attacker to write controlled data past the allocated heap buffer when processing a maliciously crafted image file. Any operation that reads or identifies an image can trigger the overflow, making it exploitable via common image upload and processing pipelines. Versions 7.1.2-13 and 6.9.1... • https://github.com/ImageMagick/ImageMagick/commit/2fae24192b78fdfdd27d766fd21d90aeac6ea8b8 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
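The entry above names the two weaknesses (CWE-122 and CWE-190) but not the code path. As an added illustration, not ImageMagick's ReadXBMImage and not the patched code, here is a minimal XBM reader in C showing the hazard class: the pixel buffer is sized from the header, while the body is hex data the attacker controls, so a decoder that copies every token it finds writes attacker-chosen bytes past the allocation. The sample files, the `XBM_MAX_DIM` bound and the helper names are constructed for this example.

```c
/* Added example: a minimal XBM reader, not ImageMagick's ReadXBMImage.
 * XBM is C source text:
 *   #define img_width 8
 *   #define img_height 2
 *   static char img_bits[] = { 0x01, 0x80 };
 * The pixel buffer needs ((width + 7) / 8) * height bytes. The buffer is
 * sized from the header, but the body is attacker data, so a decoder that
 * copies every token it finds writes past the allocation. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

#define XBM_MAX_DIM 65536u  /* sanity bound chosen for this example */

/* Bytes the body must supply for the dimensions in the header. */
size_t xbm_expected_bytes(size_t width, size_t height) {
    return ((width + 7) / 8) * height;
}

/* Parse the _width/_height defines. Returns 1 on success, 0 on a missing,
 * zero or oversized dimension (the bound keeps expected_bytes from wrapping). */
int xbm_header(const char *src, size_t *width, size_t *height) {
    const char *p;
    *width = *height = 0;
    if ((p = strstr(src, "_width ")) == NULL || sscanf(p, "_width %zu", width) != 1) return 0;
    if ((p = strstr(src, "_height ")) == NULL || sscanf(p, "_height %zu", height) != 1) return 0;
    return *width > 0 && *height > 0 && *width <= XBM_MAX_DIM && *height <= XBM_MAX_DIM;
}

/* Number of 0x.. tokens after the '{': what a naive copy loop would write. */
size_t xbm_body_tokens(const char *src) {
    const char *p = strchr(src, '{');
    size_t n = 0;
    while (p && (p = strstr(p, "0x")) != NULL) { n++; p += 2; }
    return n;
}

/* Hardened decode: allocate from the header, then copy exactly that many
 * tokens. A body with too few or too many tokens is rejected. Caller frees. */
unsigned char *xbm_decode(const char *src, size_t *out_len) {
    size_t width, height;
    if (!xbm_header(src, &width, &height)) return NULL;
    size_t need = xbm_expected_bytes(width, height);
    if (xbm_body_tokens(src) != need) return NULL;   /* the check a naive loop lacks */
    unsigned char *bits = calloc(need, 1);
    if (!bits) return NULL;
    const char *p = strchr(src, '{');                /* non-NULL: tokens were counted */
    for (size_t i = 0; i < need; i++) {
        unsigned v;
        p = strstr(p, "0x");
        if (!p || sscanf(p, "0x%x", &v) != 1 || v > 0xFF) { free(bits); return NULL; }
        bits[i] = (unsigned char)v;
        p += 2;
    }
    *out_len = need;
    return bits;
}

/* Byte at `index` of the decoded image, or -1 if the file is rejected. */
int xbm_decode_byte(const char *src, size_t index) {
    size_t len = 0;
    unsigned char *bits = xbm_decode(src, &len);
    if (!bits) return -1;
    int v = index < len ? bits[index] : -1;
    free(bits);
    return v;
}

/* Constructed inputs: a valid 8x2 image, and a file whose header promises
 * 1 byte while its body carries 16 attacker-chosen bytes. */
const char *XBM_GOOD =
    "#define img_width 8\n#define img_height 2\n"
    "static char img_bits[] = { 0x01, 0x80 };\n";
const char *XBM_OVERSIZED_BODY =
    "#define img_width 8\n#define img_height 1\n"
    "static char img_bits[] = { 0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41,"
    "0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41 };\n";

int main(void) {
    printf("good: first byte %d\n", xbm_decode_byte(XBM_GOOD, 0));
    printf("crafted: header needs %zu byte(s), body carries %zu tokens, decode -> %d\n",
           xbm_expected_bytes(8, 1), xbm_body_tokens(XBM_OVERSIZED_BODY),
           xbm_decode_byte(XBM_OVERSIZED_BODY, 0));
    return 0;
}
```

The practitioner's check is the one in `xbm_decode`: the number of bytes written must be derived from the allocation, never from how much data the file happens to contain, and the dimensions that feed the allocation must be bounded before any multiplication.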
CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 0 | CVE-2026-23874 – ImageMagick's MSL: Stack overflow via infinite recursion in ProcessMSLScript
https://notcve.org/view.php?id=CVE-2026-23874
20 Jan 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a stack overflow via infinite recursion in MSL (Magick Scripting Language) `
CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0 | CVE-2026-22770 – ImageMagick vulnerable to Release of Invalid Pointer in BilateralBlur when memory allocation fails
https://notcve.org/view.php?id=CVE-2026-22770
20 Jan 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the last element in the set is not properly initialized. This will result in a release of an invalid pointer inside DestroyBilateralTLS when the memory allocation fails. Version 7.1.2-13 contains a patch for the issue. • https://github.com/ImageMagick/ImageMagick/commit/3e0330721020e0c5bb52e4b77c347527dd71658e • CWE-763: Release of Invalid Pointer or Reference •
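The bug shape described above (a set of buffers acquired in a loop, with a destroy routine that walks every slot when one allocation fails) is common enough to be worth seeing in isolation. The C below is an added example, not ImageMagick's AcquireBilateralTLS or DestroyBilateralTLS: the container is zeroed before any buffer is allocated, so the slots the loop never reached hold NULL and `free(NULL)` is a no-op. The `fail_at` hook and the `live_buffers` counter are test scaffolding assumed for this example.

```c
/* Added example: partial-failure cleanup for a set of heap buffers. Not
 * ImageMagick's AcquireBilateralTLS/DestroyBilateralTLS; only the shape of
 * the bug and of the fix is illustrated. */
#include <stdlib.h>

#define NUM_BUFFERS 4
#define BUFFER_DOUBLES 256

typedef struct {
    double *buf[NUM_BUFFERS];
} blur_buffers;

/* Test hooks (an assumption of this example): allocation number `fail_at`
 * returns NULL (-1 = never fail); `live_buffers` counts outstanding buffers. */
int fail_at = -1;
int live_buffers = 0;

static double *alloc_buffer(int index) {
    if (index == fail_at) return NULL;
    double *b = malloc(BUFFER_DOUBLES * sizeof *b);
    if (b) live_buffers++;
    return b;
}

/* Safe only because every slot is either a live pointer or NULL. */
void destroy_buffers(blur_buffers *t) {
    if (t == NULL) return;
    for (int i = 0; i < NUM_BUFFERS; i++) {
        if (t->buf[i]) { free(t->buf[i]); live_buffers--; }
    }
    free(t);
}

/* The vulnerable shape (not run here):
 *     t = malloc(sizeof *t);                 // slots hold indeterminate values
 *     for (i ...) { t->buf[i] = alloc(); if (!t->buf[i]) { destroy(t); ... } }
 * destroy() then passes the never-written slots i+1.. to free(): an invalid
 * pointer release. Hardened: zero the container before the first allocation. */
blur_buffers *acquire_buffers(void) {
    blur_buffers *t = calloc(1, sizeof *t);   /* every slot NULL up front */
    if (t == NULL) return NULL;
    for (int i = 0; i < NUM_BUFFERS; i++) {
        t->buf[i] = alloc_buffer(i);
        if (t->buf[i] == NULL) {
            destroy_buffers(t);               /* frees only slots 0..i-1 */
            return NULL;
        }
    }
    return t;
}

/* Run acquire/destroy with allocation `index` failing; 1 if acquire succeeded. */
int acquire_succeeds(int index) {
    fail_at = index;
    live_buffers = 0;
    blur_buffers *t = acquire_buffers();
    int ok = (t != NULL);
    destroy_buffers(t);                       /* NULL-safe */
    fail_at = -1;
    return ok;
}

/* Buffers still live after that run: 0 means nothing leaked and nothing
 * bogus was freed. */
int leaked_after(int index) {
    acquire_succeeds(index);
    return live_buffers;
}
```

The same discipline applies to any struct whose destructor is also the error path of its constructor: initialize every owned pointer to NULL before the first allocation, and make the destructor tolerate partially built objects.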
CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0 | CVE-2025-69204 – ImageMagick converting a malicious MVG file to SVG caused an integer overflow.
https://notcve.org/view.php?id=CVE-2025-69204
30 Dec 2025 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, in the WriteSVGImage function, using an int variable to store number_attributes caused an integer overflow. This, in turn, triggered a buffer overflow and caused a DoS attack. Version 7.1.2-12 fixes the issue. It was discovered that ImageMagick incorrectly handled image depth values when processing MIFF image files. • https://github.com/ImageMagick/ImageMagick/commit/2c08c2311693759153c9aa99a6b2dcb5f985681e • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.0 | EPSS: 0% | CPEs: 1 | EXPL: 0 | CVE-2025-68950 – Magick's failure to limit MVG mutual references forming a loop
https://notcve.org/view.php?id=CVE-2025-68950
30 Dec 2025 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, Magick fails to check for circular references between two MVGs, leading to a stack overflow. This is a DoS vulnerability, and any situation that allows reading the mvg file will be affected. Version 7.1.2-12 fixes the issue. • https://github.com/ImageMagick/ImageMagick/commit/204718c2211903949dcfc0df8e65ed066b008dec • CWE-674: Uncontrolled Recursion •
CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0 | CVE-2025-68618 – Magick's failure to limit the depth of SVG file reads caused a DoS attack.
https://notcve.org/view.php?id=CVE-2025-68618
30 Dec 2025 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7.1.2-12 fixes the issue. It was discovered that ImageMagick incorrectly handled image depth values when processing MIFF image files. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. • https://github.com/ImageMagick/ImageMagick/commit/6f431d445f3ddd609c004a1dde617b0a73e60beb • CWE-674: Uncontrolled Recursion •
CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 0 | CVE-2025-68469 – ImageMagick vulnerable to heap-buffer-overflow
https://notcve.org/view.php?id=CVE-2025-68469
18 Dec 2025 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.1-14, ImageMagick crashes when processing a crafted TIFF file. Version 7.1.1-14 fixes the issue. This update for ImageMagick fixes the following issues. Possible use-after-free/double-free in 'Options::fontFamily' when clearing a family can lead to crashes or memory corruption. • https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fff3-4rp7-px97 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0 | CVE-2025-66628 – ImageMagick is vulnerable to an Integer Overflow in TIM decoder leading to out of bounds read (32-bit only)
https://notcve.org/view.php?id=CVE-2025-66628
10 Dec 2025 — ImageMagick is a software suite to create, edit, compose, or convert bitmap images. In versions 7.1.2-9 and prior, the TIM (PSX TIM) image parser contains a critical integer overflow vulnerability in its ReadTIMImage function (coders/tim.c). The code reads width and height (16-bit values) from the file header and calculates image_size = 2 * width * height without checking for overflow. On 32-bit systems (or where size_t is 32-bit), this calculation can overflow if width and height are large (e.g., 65535), w... • https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hjr-v6g4-3fm8 • CWE-125: Out-of-bounds Read •
CVSS: 4.7 | EPSS: 0% | CPEs: 1 | EXPL: 0 | CVE-2025-62594 – ImageMagick CLAHE : Unsigned underflow and division-by-zero lead to OOB pointer arithmetic and process crash (DoS)
https://notcve.org/view.php?id=CVE-2025-62594
27 Oct 2025 — ImageMagick is a software suite to create, edit, compose, or convert bitmap images. ImageMagick versions prior to 7.1.2-8 are vulnerable to denial-of-service due to unsigned integer underflow and division-by-zero in the CLAHEImage function. When tile width or height is zero, unsigned underflow occurs in pointer arithmetic, leading to out-of-bounds memory access, and division-by-zero causes immediate crashes. This issue has been patched in version 7.1.2-8. This update for ImageMagick fixes the following issu... • https://github.com/ImageMagick/ImageMagick/commit/7b47fe369eda90483402fcd3d78fa4167d3bb129 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-191: Integer Underflow (Wrap or Wraparound) CWE-369: Divide By Zero •
CVSS: 5.9 | EPSS: 0% | CPEs: 2 | EXPL: 0 | CVE-2025-62171 – ImageMagick vulnerable to denial of service via integer overflow in BMP decoder on 32-bit systems
https://notcve.org/view.php?id=CVE-2025-62171
17 Oct 2025 — ImageMagick is an open source software suite for displaying, converting, and editing raster image files. In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32, an integer overflow vulnerability exists in the BMP decoder on 32-bit systems. The vulnerability occurs in coders/bmp.c when calculating the extent value by multiplying image columns by bits per pixel. On 32-bit systems with size_t of 4 bytes, a malicious BMP file with specific dimensions can cause this multiplication to overflow and wrap to zero. T... • https://github.com/ImageMagick/ImageMagick/commit/cea1693e2ded51b4cc91c70c54096cbed1691c00 • CWE-190: Integer Overflow or Wraparound •
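The TIM and BMP entries above both describe a product of header fields that fits in a 64-bit `size_t` but wraps in a 32-bit one, and the CLAHE entry describes the companion hazard of a zero tile size feeding unsigned subtraction and division. The C below is an added example, not ImageMagick's coders, that runs those expressions in 32-bit unsigned arithmetic (`uint32_t` stands in for a 32-bit `size_t`) next to checked versions; the input values are constructed to show the wrap. The `(32-bit only)` qualifier in the TIM title follows directly: `2 * 65535 * 65535` is below 2^33 and cannot wrap a 64-bit `size_t`.

```c
/* Added example: the size arithmetic from the TIM, BMP and CLAHE entries, in
 * 32-bit unsigned arithmetic, beside overflow-checked versions. Not
 * ImageMagick's code; inputs are constructed. */
#include <stdint.h>
#include <stddef.h>

/* TIM pattern: image_size = 2 * width * height with 16-bit header fields.
 * Each assignment truncates to 32 bits, as a 32-bit size_t would. */
uint32_t tim_size_unchecked(uint16_t width, uint16_t height) {
    uint32_t size = width;
    size *= 2;
    size *= height;
    return size;
}

/* Checked 32-bit multiply: a <= UINT32_MAX / b guarantees a * b fits. */
static int mul32(uint32_t a, uint32_t b, uint32_t *out) {
    if (b != 0 && a > UINT32_MAX / b) return 0;
    *out = a * b;
    return 1;
}

int tim_size_checked(uint16_t width, uint16_t height, uint32_t *out) {
    uint32_t t;
    return mul32(2, width, &t) && mul32(t, height, out);
}

/* BMP pattern: extent = columns * bits_per_pixel. With the right column count
 * the product is exactly 2^32 and wraps to zero: a zero-byte allocation that
 * the decoder then fills as if it held a full row. */
uint32_t bmp_extent_unchecked(uint32_t columns, uint32_t bits_per_pixel) {
    return columns * bits_per_pixel;
}

int bmp_extent_checked(uint32_t columns, uint32_t bits_per_pixel, uint32_t *out) {
    if (columns == 0 || bits_per_pixel == 0) return 0;
    return mul32(columns, bits_per_pixel, out);
}

/* CLAHE pattern: a tile width of 0 makes `tile_width - 1` wrap to SIZE_MAX
 * (an out-of-bounds offset) and `columns / tile_width` trap. Validate first. */
size_t clahe_last_offset_unchecked(size_t tile_width) {
    return tile_width - 1;            /* defined unsigned wrap: 0 -> SIZE_MAX */
}

int clahe_tiles_checked(size_t columns, size_t rows, size_t tile_width,
                        size_t tile_height, size_t *tiles_x, size_t *tiles_y) {
    if (tile_width == 0 || tile_height == 0) return 0;
    if (tile_width > columns || tile_height > rows) return 0;
    *tiles_x = columns / tile_width;
    *tiles_y = rows / tile_height;
    return 1;
}

/* Value-returning wrappers: 0 means the checked version rejected the input. */
uint32_t tim_size_or_zero(uint16_t w, uint16_t h) {
    uint32_t s; return tim_size_checked(w, h, &s) ? s : 0;
}
uint32_t bmp_extent_or_zero(uint32_t c, uint32_t bpp) {
    uint32_t s; return bmp_extent_checked(c, bpp, &s) ? s : 0;
}
size_t clahe_tiles_x_or_zero(size_t c, size_t r, size_t tw, size_t th) {
    size_t x, y; return clahe_tiles_checked(c, r, tw, th, &x, &y) ? x : 0;
}
```

The same division-based check covers the MVG-to-SVG entry above, where an `int` was used to hold a count that then fed a buffer size: do the multiplication in the type of the allocation, check it against that type's maximum before allocating, and reject zero dimensions before they reach any subtraction or division.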
