📦 ImageMagick
by ImageMagick
⚠️ Known Vulnerabilities
CVE-2023-34152 is a critical remote code execution vulnerability in ImageMagick's OpenBlob function when compiled with --enable-pipes configuration. Attackers can exploit this by processing malicious ...
ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 contain a memory allocation vulnerability in SVG processing. A malicious SVG file with a crafted element can trigger an attempt to allocate approxi...
This vulnerability is a stack-based buffer overflow in ImageMagick's FTXT image reader, allowing crafted FTXT files to cause out-of-bounds writes on the stack, potentially leading to crashes or arbitr...
ImageMagick's path security policy enforcement occurs before filesystem path resolution, allowing path traversal attacks to bypass policy rules like '/etc/*'. This enables local file disclosure (LFI) ...
This vulnerability in ImageMagick allows attackers to trigger an integer overflow when processing large UHDR images, leading to heap buffer overflow and potential arbitrary code execution. Any system ...
ImageMagick versions before 7.1.2-15 and 6.9.13-40 have a heap information disclosure vulnerability in their PSD format handler. When processing specially crafted ZIP-compressed PSD files, uninitializ...
This vulnerability in ImageMagick allows attackers to cause denial of service by exploiting an infinite loop in PCD file processing. When ImageMagick processes a specially crafted PCD file without a v...
A heap buffer overflow vulnerability in ImageMagick's XBM image decoder allows attackers to write controlled data beyond allocated memory boundaries when processing malicious image files. This affects...
ImageMagick's TIM image parser contains an integer overflow vulnerability that allows attackers to trigger out-of-bounds memory reads by providing specially crafted TIM images. This affects ImageMagic...
A format string vulnerability in ImageMagick's InterpretImageFilename function allows attackers to overwrite arbitrary memory regions by passing unsanitized user input to FormatLocaleString. This can ...
This vulnerability in ImageMagick allows integer overflow during PNG/MNG image processing, leading to memory corruption. Attackers can exploit this by crafting malicious images to potentially execute ...
ImageMagick versions before 7.1.2-1 contain a heap-buffer overflow vulnerability in the MNG image format parser that can leak memory contents into output images. This affects any system or application...
A stack overflow vulnerability in ImageMagick's mogrify command allows attackers to crash the application or potentially execute arbitrary code by providing malicious filename templates with multiple ...
ImageMagick versions before 7.1.2-0 contain an infinite loop vulnerability when processing XMP files during conversion. This can cause denial of service through resource exhaustion. Any system using v...
CVE-2024-41817 is a path injection vulnerability in ImageMagick's AppImage version where empty paths in MAGICK_CONFIGURE_PATH and LD_LIBRARY_PATH environment variables allow loading malicious configur...
A memory leak vulnerability in ImageMagick allows remote attackers to cause denial of service by triggering the 'identify -help' command. This affects systems running vulnerable versions of ImageMagic...
This vulnerability in ImageMagick allows attackers to cause a denial of service (DoS) or potentially execute arbitrary code via a division by zero error when processing Enhanced Metafile (EMF) images....
CVE-2022-32545 is an integer overflow vulnerability in ImageMagick's PSD file parser. When processing specially crafted or untrusted PSD files, it can cause undefined behavior leading to applicat...
This CVE is an alignment vulnerability in ImageMagick's property.c file where misaligned memory access for double and float types can cause undefined behavior. It affects applications that process unt...
This heap-based buffer overflow vulnerability in ImageMagick's TIFF image processing allows attackers to crash applications or potentially execute arbitrary code by providing malicious TIFF files. It ...
This CVE describes a division-by-zero vulnerability in ImageMagick's ConvertXYZToJzazbz() function in MagickCore/colorspace.c, which can be triggered by processing a specially crafted image file. It m...
This CVE describes an integer overflow vulnerability in ImageMagick's thumbnail generation function. Attackers can craft malicious image files that trigger undefined behavior when processed by applica...
ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 contain a heap buffer over-read vulnerability when processing images with small dimensions using the -wavelet-denoise operator. This could allow at...
This CVE describes a use-after-free vulnerability in ImageMagick's MSL interpreter when processing invalid <map> elements, causing crashes. It affects ImageMagick versions before 7.1.2-15 and 6.9.13-4...
ImageMagick versions before 7.1.2-15 and 6.9.13-40 contain an out-of-bounds read vulnerability when processing Huffman-coded data in PCD files due to improper boundary checking. This could allow attac...
ImageMagick versions before 7.1.2-15 and 6.9.13-40 contain a vulnerability where specially crafted IPTC profile data can trigger an infinite loop when processed with the IPTCTEXT function. This affect...
ImageMagick versions before 7.1.2-15 and 6.9.13-40 contain a vulnerability where the software fails to detect circular references between two MSL (Magick Scripting Language) files, leading to a stack ...
This CVE describes a heap-use-after-free vulnerability in ImageMagick's MSL (Magick Scripting Language) parser. Attackers can exploit this by crafting malicious MSL scripts to potentially execute arbi...
ImageMagick contains a heap buffer over-read vulnerability in its MAP image decoder that could allow attackers to cause crashes or leak memory by processing specially crafted MAP files. This affects a...
A memory leak vulnerability exists in ImageMagick's ASHLAR image coder when processing certain images. This could allow attackers to cause denial of service by exhausting system memory through repeate...
An integer overflow vulnerability in ImageMagick's SUN decoder allows attackers to trigger an out-of-bounds heap write on 32-bit systems. This can potentially lead to remote code execution or denial o...
This CVE describes a memory leak vulnerability in ImageMagick's STEGANO image decoder. When processing specially crafted steganographic images, the software fails to free allocated memory on certain e...
A NULL pointer dereference vulnerability in ImageMagick's ClonePixelCacheRepository function allows remote attackers to crash applications by providing a specially crafted image file, causing denial o...
A memory leak vulnerability in ImageMagick's ASHLAR image writer allows attackers to cause denial of service by exhausting process memory through crafted images. This affects all systems running vulne...
ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 contain a heap buffer over-read vulnerability when processing raw image formats. Attackers can trigger out-of-bounds memory reads by providing imag...
ImageMagick versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL parser when processing <comment> tags before images are loaded. This can cause denial of service (DoS) t...
ImageMagick versions before 7.1.2-13 contain a memory corruption vulnerability in the BilateralBlurImage method. When memory allocation fails, an uninitialized pointer is released, potentially causing...
ImageMagick versions before 7.1.2-13 have a stack overflow vulnerability in the MSL (Magick Scripting Language) <write> command when writing to MSL format, caused by infinite recursion. This can lead ...
ImageMagick versions before 7.1.2-12 contain a denial-of-service vulnerability when processing malicious SVG files. Attackers can cause the application to crash by submitting specially crafted SVG ima...
ImageMagick versions before 7.1.2-12 contain a denial-of-service vulnerability where circular references between two MVG (Magick Vector Graphics) files cause a stack overflow. This affects any system ...
ImageMagick versions before 7.1.2-12 contain an integer overflow vulnerability in the WriteSVGImage function that can trigger a buffer overflow. This allows attackers to cause denial of service (DoS) ...
This CVE describes a double-free vulnerability in ImageMagick's Magick++ layer when Options::fontFamily is called with an empty string. This can lead to crashes, heap corruption, or potential remote c...
ImageMagick versions before 7.1.2-8 contain a vulnerability in the CLAHEImage function where zero tile dimensions cause unsigned integer underflow and division-by-zero errors. This leads to out-of-bou...
ImageMagick versions before 7.1.1-14 contain a heap-based buffer overflow vulnerability (CWE-122) when processing specially crafted TIFF files. This can cause the application to crash, potentially lea...