CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-55160 – ImageMagick Undefined Behavior (function-type-mismatch) in CloneSplayTree
https://notcve.org/view.php?id=CVE-2025-55160
13 Aug 2025 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in splay tree cloning callback. This results in a deterministic abort under UBSan (DoS in sanitizer builds), with no crash in a non-sanitized build. This issue has been patched in versions 6.9.13-27 and 7.1.2-1. • https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hgw-6x87-578x • CWE-758: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-55154 – ImageMagick: integer overflows in MNG magnification
https://notcve.org/view.php?id=CVE-2025-55154
13 Aug 2025 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are unsafe and can overflow, leading to memory corruption. This issue has been patched in versions 6.9.13-27 and 7.1.2-1. • https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp29-wxp5-wh82 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-55005 – ImageMagick: heap-buffer overflow in log colorspace handling
https://notcve.org/view.php?id=CVE-2025-55005
13 Aug 2025 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is larger than 1024. This leads to corrupting memory beyond the end of the allocated logmap buffer. This issue has been patched in version 7.1.2-1. • https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v393-38qx-v8fp • CWE-122: Heap-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-55004 – ImageMagick: heap-buffer overflow read in MNG magnification with alpha
https://notcve.org/view.php?id=CVE-2025-55004
13 Aug 2025 — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in ReadOneMNGIMage. This can likely be used to leak subsequent memory contents into the output image. This issue has been patched in version 7.1.2-1. • https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chfw • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2025-53101 – ImageMagick has Stack Buffer Overflow in image.c
https://notcve.org/view.php?id=CVE-2025-53101
14 Jul 2025 — ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()`. Versions 7.1.2-0 and 6.9.13-26 fix the issue. These are all security issues fixed in the ImageMagick... • https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774 • CWE-124: Buffer Underwrite ('Buffer Underflow') •
CVSS: 3.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-53019 – ImageMagick has Memory Leak in magick stream
https://notcve.org/view.php?id=CVE-2025-53019
14 Jul 2025 — ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename template causes a memory leak. Versions 7.1.2-0 and 6.9.13-26 fix the issue. These are all security issues fixed in the ImageMagick-7.1.2.0-1.1 package on the GA media of openSUSE Tumbleweed. • https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cfh4-9f7v-fhrc • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53015 – ImageMagick has XMP profile write that triggers hang due to unbounded loop
https://notcve.org/view.php?id=CVE-2025-53015
14 Jul 2025 — ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion command. Version 7.1.2-0 fixes the issue. These are all security issues fixed in the ImageMagick-7.1.2.0-1.1 package on the GA media of openSUSE Tumbleweed. • https://drive.google.com/file/d/1iegkwlTjqnJTtM4XkiheYsjKsC6pxtId/view?usp=sharing • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 3.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-53014 – ImageMagick has Heap Buffer Overflow in InterpretImageFilename
https://notcve.org/view.php?id=CVE-2025-53014
14 Jul 2025 — ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs (`%%`). Versions 7.1.2-0 and 6.9.13-26 fix the issue. These are all security issues fixed in the ImageMagick-7.1.2.0-1.1 package on the GA media of openSUSE T... • https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hm4x-r5hc-794f • CWE-125: Out-of-bounds Read CWE-193: Off-by-one Error •
CVSS: 7.8EPSS: 3%CPEs: 1EXPL: 3CVE-2024-41817 – Arbitrary Code Execution in `AppImage` version `ImageMagick`
https://notcve.org/view.php?id=CVE-2024-41817
29 Jul 2024 — ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries in the current working directory while executing `ImageMagick`. The vulnerability is fixed in 7.11-36. • https://packetstorm.news/files/id/189921 • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2023-5341 – Imagemagick: heap use-after-free in coders/bmp.c
https://notcve.org/view.php?id=CVE-2023-5341
09 Oct 2023 — A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. Se encontró una falla de heap-use-after-free en coders/bmp.c en ImageMagick. handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed image files are processed. • https://access.redhat.com/security/cve/CVE-2023-5341 • CWE-416: Use After Free •