CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2026-42050 – ImageMagick: Stack buffer overflow in XTileImage
https://notcve.org/view.php?id=CVE-2026-42050
11 May 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in the display tool and right-clicks a tile to invoke the Load / Update menu item. This vulnerability is fixed in 7.1.2-21 and 6.9.13-46. • https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7mxf-ff4f-jj7p • CWE-121: Stack-based Buffer Overflow
CVSS: 6.2 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-40312 – ImageMagick: Off-by-One in MSL decoder could result in crash
https://notcve.org/view.php?id=CVE-2026-40312
13 Apr 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, an off-by-one error in the MSL decoder could result in a crash when a malicious MSL file is read. This issue has been fixed in version 7.1.2-19. • https://github.com/ImageMagick/ImageMagick/commit/2a06c7be3bba3326caf8b7a8d1fa2e0d4b88998d • CWE-193: Off-by-one Error
CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2026-40311 – ImageMagick: Heap-use-after-free via XMP profile could result in a crash when printing values
https://notcve.org/view.php?id=CVE-2026-40311
13 Apr 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.9.13-44 contain a heap use-after-free vulnerability that can cause a crash when reading and printing values from an invalid XMP profile. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19. • https://github.com/ImageMagick/ImageMagick/commit/5facfecf1abb3fed46a08f614dcc43d1e548e20d • CWE-416: Use After Free • CWE-693: Protection Mechanism Failure
CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2026-40310 – ImageMagick: Heap out-of-bounds write in JP2 encoder
https://notcve.org/view.php?id=CVE-2026-40310
13 Apr 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-19 and 6.9.13-44 contain a heap out-of-bounds write in the JP2 encoder when a user specifies an invalid sampling index. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19. • https://github.com/ImageMagick/ImageMagick/commit/3d653bea2df085c728a1c8f775808e1e9249dff9 • CWE-122: Heap-based Buffer Overflow • CWE-787: Out-of-bounds Write
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-40183 – ImageMagick: Heap buffer overflow when encoding JXL image with a 16-bit float
https://notcve.org/view.php?id=CVE-2026-40183
13 Apr 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, the JXL encoder has a heap write overflow when a user specifies that the image should be encoded as 16-bit floats. This issue has been fixed in version 7.1.2-19. • https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19 • CWE-122: Heap-based Buffer Overflow
CVSS: 6.2 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-40169 – ImageMagick: Heap buffer overflow (WRITE) in the YAML and JSON encoders
https://notcve.org/view.php?id=CVE-2026-40169
13 Apr 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out-of-bounds heap write when writing YAML or JSON output, resulting in a crash. This issue has been fixed in version 7.1.2-19. • https://github.com/ImageMagick/ImageMagick/commit/f86452a8aea37bf2b4bd36127f836dcc5f138b38 • CWE-122: Heap-based Buffer Overflow • CWE-787: Out-of-bounds Write
CVSS: 5.1 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2026-34238 – ImageMagick: Integer overflow in despeckle operation causes heap buffer overflow on 32-bit builds
https://notcve.org/view.php?id=CVE-2026-34238
13 Apr 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-19 and 6.9.13-44, an integer overflow in the despeckle operation causes a heap buffer overflow on 32-bit builds that results in an out-of-bounds write. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19. • https://github.com/ImageMagick/ImageMagick/commit/bcd8519c70ecd9ebbc180920f2cf97b267d1f440 • CWE-190: Integer Overflow or Wraparound • CWE-787: Out-of-bounds Write
CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2026-33908 – ImageMagick is vulnerable to Stack Overflow in DestroyXMLTree()
https://notcve.org/view.php?id=CVE-2026-33908
13 Apr 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-19 and 6.9.13-44, Magick frees the memory of the XML tree via the `DestroyXMLTree()` function; however, this process is executed recursively with no depth limit imposed. When Magick processes an XML file with deeply nested structures, it exhausts the stack memory, resulting in a denial of service (DoS). This issue has been fixed in versions 6.9.13-44 and 7.1.2-19. • https://github.com/ImageMagick/ImageMagick/commit/ccdc01180276aa2cb3d4a32a611aa4f417061cd8 • CWE-674: Uncontrolled Recursion
CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2026-33905 – ImageMagick has an Out-of-Bounds read via -sample operation
https://notcve.org/view.php?id=CVE-2026-33905
13 Apr 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-19 and 6.9.13-44, the -sample operation has an out-of-bounds read when a specific offset is set through the `sample:offset` define. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19. • https://github.com/ImageMagick/ImageMagick/commit/cca607366fb38c2dde019a9088b8415ffba3a835 • CWE-125: Out-of-bounds Read
CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2026-33902 – ImageMagick: Stack Overflow via Recursive FX Expression Parsing
https://notcve.org/view.php?id=CVE-2026-33902
13 Apr 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX expression parser allows an attacker to crash the process by providing a deeply nested expression. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19. • https://github.com/ImageMagick/ImageMagick/commit/d3c0a37485314c5ccef72efb18f3847cd53868ba • CWE-674: Uncontrolled Recursion
