Imagemagick: >> Imagemagick >> 6.9.13-26 Security Vulnerabilities
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in splay tree cloning callback. This results in a deterministic abort under UBSan (DoS in sanitizer builds), with no crash in a non-sanitized build. This issue has been patched in versions 6.9.13-27 and 7.1.2-1.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-08-13
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in ReadOneMNGIMage. This can likely be used to leak subsequent memory contents into the output image. This issue has been patched in version 7.1.2-1.
CVSS Score
7.6
EPSS Score
0.0
Published
2025-08-13
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is larger than 1024. This leads to corrupting memory beyond the end of the allocated logmap buffer. This issue has been patched in version 7.1.2-1.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-08-13
In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled (related to the rendering of all channels in an arbitrary order).
CVSS Score
2.9
EPSS Score
0.002
Published
2025-04-23
In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used.
CVSS Score
2.9
EPSS Score
0.002
Published
2025-04-23
A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.
CVSS Score
6.2
EPSS Score
0.0
Published
2023-11-19
A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service.
CVSS Score
6.2
EPSS Score
0.0
Published
2023-10-04
A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-06-16
A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-06-16
A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-06-06