CVSS: 2.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-46393
https://notcve.org/view.php?id=CVE-2025-46393
23 Apr 2025 — In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled (related to the rendering of all channels in an arbitrary order). • https://github.com/ImageMagick/ImageMagick/commit/81ac8a0d2eb21739842ed18c48c7646b7eef65b8 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 2.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-43965
https://notcve.org/view.php?id=CVE-2025-43965
23 Apr 2025 — In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used. • https://github.com/ImageMagick/ImageMagick/commit/bac413a26073923d3ffb258adaab07fb3fe8fdc9 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 7.8EPSS: 3%CPEs: 1EXPL: 2CVE-2024-41817 – Arbitrary Code Execution in `AppImage` version `ImageMagick`
https://notcve.org/view.php?id=CVE-2024-41817
29 Jul 2024 — ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries in the current working directory while executing `ImageMagick`. The vulnerability is fixed in 7.11-36. • https://packetstorm.news/files/id/189921 • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34790 – WordPress Download ImageMagick Sharpen Resized Images plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-34790
17 May 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hans van Eijsden,niwreg ImageMagick Sharpen Resized Images allows Stored XSS.This issue affects ImageMagick Sharpen Resized Images: from n/a through 1.1.7. Vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en Hans van Eijsden, niwreg ImageMagick Sharpen Resized Images permite XSS almacenado. Este problema afecta a ImageMagick... • https://patchstack.com/database/vulnerability/imagemagick-sharpen-resized-images/wordpress-download-imagemagick-sharpen-resized-images-plugin-1-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2023-5341 – Imagemagick: heap use-after-free in coders/bmp.c
https://notcve.org/view.php?id=CVE-2023-5341
19 Nov 2023 — A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. Se encontró una falla de heap-use-after-free en coders/bmp.c en ImageMagick. handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed image files are processed. • https://access.redhat.com/security/cve/CVE-2023-5341 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-40211 – ImageMagick: Division by zero in ReadEnhMetaFile lead to DoS
https://notcve.org/view.php?id=CVE-2021-40211
22 Aug 2023 — An issue was discovered with ImageMagick 7.1.0-4 via Division by zero in function ReadEnhMetaFile of coders/emf.c. Se ha descubierto un problema con ImageMagick 7.1.0-4 a través de la división por cero en la función ReadEnhMetaFile de coders/emf.c. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Issues addressed include a denial of service vulnerability. • https://github.com/ImageMagick/ImageMagick/issues/4097 • CWE-369: Divide By Zero •
CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-48541 – Ubuntu Security Notice USN-6393-1
https://notcve.org/view.php?id=CVE-2022-48541
22 Aug 2023 — A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command. Una pérdida de memoria en ImageMagick 7.0.10-45 y 6.9.11-22 permite a atacantes remotos realizar una denegación de servicio mediante el comando "identify -help". It was discovered that ImageMagick did not properly handle memory when processing the -help option. An attacker could potentially use this issue to cause a crash. • https://github.com/ImageMagick/ImageMagick/issues/2889 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-39978
https://notcve.org/view.php?id=CVE-2023-39978
08 Aug 2023 — ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw. • https://github.com/ImageMagick/ImageMagick6/commit/c90e79b3b22fec309cab55af2ee606f71b027b12 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-3745 – Imagemagick: heap-buffer-overflow in pushcharpixel() in quantum-private.h
https://notcve.org/view.php?id=CVE-2023-3745
24 Jul 2023 — A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service. • https://access.redhat.com/security/cve/CVE-2023-3745 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-3428 – Imagemagick: heap-buffer-overflow in coders/tiff.c
https://notcve.org/view.php?id=CVE-2023-3428
04 Jul 2023 — A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service. Se encontró una vulnerabilidad de desbordamiento del búfer en coders/tiff.c en ImageMagick. Este problema puede permitir que un atacante local engañe al usuario para que abra un archivo especialmente manipulado, lo que provocará un bloqueo de la aplicación y una denegación ... • https://access.redhat.com/security/cve/CVE-2023-3428 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •