CVSS: 5.3 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2026-26983 – ImageMagick: Invalid MSL <map> can result in a use after free
https://notcve.org/view.php?id=CVE-2026-26983
24 Feb 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the MSL interpreter crashes when processing an invalid `
CVSS: 9.1 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2026-26284 – ImageMagick has heap overflow in pcd decoder that leads to out of bounds read.
https://notcve.org/view.php?id=CVE-2026-26284
24 Feb 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huffman-coded data from PCD (Photo CD) files. The decoder contains a function with an incorrect initialization that could cause an out-of-bounds read. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
• https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wrhr-rf8j-r842
• CWE-122: Heap-based Buffer Overflow; CWE-125: Out-of-bounds Read; CWE-787: Out-of-bounds Write
CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2026-26283 – ImageMagick has possible infinite loop in JPEG encoder when using `jpeg:extent`
https://notcve.org/view.php?id=CVE-2026-26283
24 Feb 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a `continue` statement in the JPEG extent binary search loop in the JPEG encoder causes an infinite loop when writing persistently fails. An attacker can trigger 100% CPU consumption and a process hang (denial of service) with a crafted image. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
• https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gwr3-x37h-h84v
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2026-26066 – ImageMagick has infinite loop when writing IPTCTEXT leads to denial of service via crafted profile
https://notcve.org/view.php?id=CVE-2026-26066
24 Feb 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile containing invalid IPTC data may cause an infinite loop when writing it with `IPTCTEXT`. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
• https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v994-63cg-9wj3
• CWE-400: Uncontrolled Resource Consumption; CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2026-25989 – ImageMagick has integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG decoder
https://notcve.org/view.php?id=CVE-2026-25989
24 Feb 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file can cause a denial of service. An off-by-one boundary check (`>` instead of `>=`) allows the guard to be bypassed and an undefined `(size_t)` cast to be reached. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
• https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7355-pwx2-pm84
• CWE-190: Integer Overflow or Wraparound; CWE-193: Off-by-one Error; CWE-681: Incorrect Conversion between Numeric Types
CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2026-25988 – ImageMagick's MSL image stack index not refreshed, leading to leaked images.
https://notcve.org/view.php?id=CVE-2026-25988
24 Feb 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, sometimes msl.c fails to update the stack index, so an image is stored in the wrong slot and never freed on error, causing leaks. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
• https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-782x-jh29-9mf7
• CWE-401: Missing Release of Memory after Effective Lifetime
CVSS: 9.1 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2026-25987 – ImageMagick has heap buffer over-read in MAP image decoder
https://notcve.org/view.php?id=CVE-2026-25987
24 Feb 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory disclosure during image decoding. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
• https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-42p5-62qq-mmh7
• CWE-125: Out-of-bounds Read
CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2026-25986 – ImageMagick has a heap buffer overflow in YUV 4:2:2 decoder
https://notcve.org/view.php?id=CVE-2026-25986
24 Feb 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer overflow write vulnerability exists in ReadYUVImage() (coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. The pixel-pair loop writes one pixel beyond the allocated row buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
• https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mqfc-82jx-3mr2
• CWE-787: Out-of-bounds Write
CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2026-25985 – Memory allocation with excessive without limits in the internal SVG decoder
https://notcve.org/view.php?id=CVE-2026-25985
24 Feb 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file containing a malicious element causes ImageMagick to attempt to allocate ~674 GB of memory, leading to an out-of-memory abort. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
• https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v7g2-m8c5-mf84
• CWE-770: Allocation of Resources Without Limits or Throttling; CWE-789: Memory Allocation with Excessive Size Value
CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2026-25983 – ImageMagick has Use After Free in MSLStartElement in "coders/msl.c"
https://notcve.org/view.php?id=CVE-2026-25983
24 Feb 2026 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it, leading to a UAF in ReadBlobString during further parsing. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
• https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwqw-2x5x-w566
• CWE-416: Use After Free
