CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2026-24485 – ImageMagick: Infinite loop vulnerability when parsing a PCD file
https://notcve.org/view.php?id=CVE-2026-24485
24 Feb 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the Sync marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch. • https://github.com/ImageMagick/ImageMagick/commit/332c1566acc2de77857032d3c2504ead6210ff50 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2026-24484 – ImageMagick: Converting multi-layer nested MVG to SVG can cause DoS
https://notcve.org/view.php?id=CVE-2026-24484
24 Feb 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS. Versions 7.1.2-15 and 6.9.13-40 contain a patch. • https://github.com/ImageMagick/ImageMagick/commit/0349df6d43d633bd61bb582d1e1e87d6332de32a • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2026-24481 – ImageMagick has Possible Heap Information Disclosure in PSD ZIP Decompression
https://notcve.org/view.php?id=CVE-2026-24481
24 Feb 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap information disclosure vulnerability exists in ImageMagick's PSD (Adobe Photoshop) format handler. When processing a maliciously crafted PSD file containing ZIP-compressed layer data that decompresses to less than the expected size, uninitialized heap memory is leaked into the output image. Versions 7.1.2-15 and 6.9.13-40 contain a patch. • https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-96pc-27rx-pr36 • CWE-125: Out-of-bounds Read •
CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-23952 – ImageMagick has a NULL pointer dereference in MSL parser via <comment> tag before image load
https://notcve.org/view.php?id=CVE-2026-23952
22 Jan 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing
CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2026-23876 – Heap buffer overflow with attacker-controlled data in XBM parser
https://notcve.org/view.php?id=CVE-2026-23876
20 Jan 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder (ReadXBMImage) allows an attacker to write controlled data past the allocated heap buffer when processing a maliciously crafted image file. Any operation that reads or identifies an image can trigger the overflow, making it exploitable via common image upload and processing pipelines. Versions 7.1.2-13 and 6.9.1... • https://github.com/ImageMagick/ImageMagick/commit/2fae24192b78fdfdd27d766fd21d90aeac6ea8b8 • CWE-122: Heap-based Buffer Overflow • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-23874 – ImageMagick's MSL: Stack overflow via infinite recursion in ProcessMSLScript
https://notcve.org/view.php?id=CVE-2026-23874
20 Jan 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a stack overflow via infinite recursion in MSL (Magick Scripting Language) `
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-22770 – ImageMagick vulnerable to Release of Invalid Pointer in BilateralBlur when memory allocation fails
https://notcve.org/view.php?id=CVE-2026-22770
20 Jan 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the last element in the set is not properly initialized. This will result in a release of an invalid pointer inside DestroyBilateralTLS when the memory allocation fails. Version 7.1.2-13 contains a patch for the issue. • https://github.com/ImageMagick/ImageMagick/commit/3e0330721020e0c5bb52e4b77c347527dd71658e • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-69204 – ImageMagick converting a malicious MVG file to SVG caused an integer overflow.
https://notcve.org/view.php?id=CVE-2025-69204
30 Dec 2025 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, in the WriteSVGImage function, using an int variable to store number_attributes caused an integer overflow. This, in turn, triggered a buffer overflow and caused a DoS attack. Version 7.1.2-12 fixes the issue. It was discovered that ImageMagick incorrectly handled image depth values when processing MIFF image files. • https://github.com/ImageMagick/ImageMagick/commit/2c08c2311693759153c9aa99a6b2dcb5f985681e • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.0 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-68950 – Magick's failure to limit MVG mutual references forming a loop
https://notcve.org/view.php?id=CVE-2025-68950
30 Dec 2025 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, Magick fails to check for circular references between two MVGs, leading to a stack overflow. This is a DoS vulnerability, and any situation that allows reading the mvg file will be affected. Version 7.1.2-12 fixes the issue. This update for ImageMagick fixes the following issues. • https://github.com/ImageMagick/ImageMagick/commit/204718c2211903949dcfc0df8e65ed066b008dec • CWE-674: Uncontrolled Recursion •
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-68618 – Magick's failure to limit the depth of SVG file reads caused a DoS attack.
https://notcve.org/view.php?id=CVE-2025-68618
30 Dec 2025 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7.1.2-12 fixes the issue. It was discovered that ImageMagick incorrectly handled image depth values when processing MIFF image files. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. • https://github.com/ImageMagick/ImageMagick/commit/6f431d445f3ddd609c004a1dde617b0a73e60beb • CWE-674: Uncontrolled Recursion •
