ImageMagick Security Vulnerabilities (CVEs)
Track 44 security vulnerabilities affecting ImageMagick products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
Feb 26, 2026: ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 contain a heap buffer over-read vulnerability when processing images with small dimensions using ...
Feb 24, 2026: This CVE describes a use-after-free vulnerability in ImageMagick's MSL interpreter when processing invalid <map> elements, causing crashes. It affects...
Feb 24, 2026: ImageMagick versions before 7.1.2-15 and 6.9.13-40 contain an out-of-bounds read vulnerability when processing Huffman-coded data in PCD files due to ...
Feb 24, 2026: ImageMagick versions before 7.1.2-15 and 6.9.13-40 contain a vulnerability where specially crafted IPTC profile data can trigger an infinite loop when...
Feb 24, 2026: ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 contain a memory allocation vulnerability in SVG processing. A malicious SVG file with a crafted ...
Feb 24, 2026: ImageMagick contains a heap buffer over-read vulnerability in its MAP image decoder that could allow attackers to cause crashes or leak memory by proc...
Feb 24, 2026: ImageMagick versions before 7.1.2-15 and 6.9.13-40 contain a vulnerability where the software fails to detect circular references between two MSL (Mag...
Feb 24, 2026: This CVE describes a heap-use-after-free vulnerability in ImageMagick's MSL (Magick Scripting Language) parser. Attackers can exploit this by crafting...
Feb 24, 2026: ImageMagick's path security policy enforcement occurs before filesystem path resolution, allowing path traversal attacks to bypass policy rules like '...
Feb 24, 2026: This vulnerability is a stack-based buffer overflow in ImageMagick's FTXT image reader, allowing crafted FTXT files to cause out-of-bounds writes on t...
Feb 24, 2026: A memory leak vulnerability exists in ImageMagick's ASHLAR image coder when processing certain images. This could allow attackers to cause denial of s...
Feb 24, 2026: An integer overflow vulnerability in ImageMagick's SUN decoder allows attackers to trigger an out-of-bounds heap write on 32-bit systems. This can pot...
Feb 24, 2026: This CVE describes a memory leak vulnerability in ImageMagick's STEGANO image decoder. When processing specially crafted steganographic images, the so...
Feb 24, 2026: A NULL pointer dereference vulnerability in ImageMagick's ClonePixelCacheRepository function allows remote attackers to crash applications by providin...
Feb 24, 2026: This vulnerability in ImageMagick allows attackers to trigger an integer overflow when processing large UHDR images, leading to heap buffer overflow a...
Feb 24, 2026: ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 contain a heap buffer over-read vulnerability when processing raw image formats. Attackers can tr...
Feb 24, 2026: A memory leak vulnerability in ImageMagick's ASHLAR image writer allows attackers to cause denial of service by exhausting process memory through craf...
Feb 24, 2026: ImageMagick versions before 7.1.2-15 and 6.9.13-40 have a heap information disclosure vulnerability in their PSD format handler. When processing speci...
Feb 24, 2026: This vulnerability in ImageMagick allows attackers to cause denial of service by exploiting an infinite loop in PCD file processing. When ImageMagick ...
Jan 22, 2026: ImageMagick versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL parser when processing <comment> tags before images ar...
Jan 20, 2026: ImageMagick versions before 7.1.2-13 contain a memory corruption vulnerability in the BilateralBlurImage method. When memory allocation fails, an unin...
Jan 20, 2026: ImageMagick versions before 7.1.2-13 have a stack overflow vulnerability in the MSL (Magick Scripting Language) <write> command when writing to MSL fo...
Jan 20, 2026: A heap buffer overflow vulnerability in ImageMagick's XBM image decoder allows attackers to write controlled data beyond allocated memory boundaries w...
Dec 30, 2025: ImageMagick versions before 7.1.2-12 contain a denial-of-service vulnerability when processing malicious SVG files. Attackers can cause the applicatio...
Dec 30, 2025: ImageMagick versions before 7.1.2-12 contain a denial-of-service vulnerability where circular references between two MVG (Magick Vector Graphics) file...
Dec 30, 2025: ImageMagick versions before 7.1.2-12 contain an integer overflow vulnerability in the WriteSVGImage function that can trigger a buffer overflow. This ...
Dec 18, 2025: ImageMagick versions before 7.1.1-14 contain a heap-based buffer overflow vulnerability (CWE-122) when processing specially crafted TIFF files. This c...
Dec 10, 2025: ImageMagick's TIM image parser contains an integer overflow vulnerability that allows attackers to trigger out-of-bounds memory reads by providing spe...
Dec 2, 2025: This CVE describes a double-free vulnerability in ImageMagick's Magick++ layer when Options::fontFamily is called with an empty string. This can lead ...
Oct 27, 2025: ImageMagick versions before 7.1.2-8 contain a vulnerability in the CLAHEImage function where zero tile dimensions cause unsigned integer underflow and...
Aug 26, 2025: A format string vulnerability in ImageMagick's InterpretImageFilename function allows attackers to overwrite arbitrary memory regions by passing unsan...
Aug 13, 2025: This vulnerability in ImageMagick allows integer overflow during PNG/MNG image processing, leading to memory corruption. Attackers can exploit this by...
Aug 13, 2025: ImageMagick versions before 7.1.2-1 contain a heap-buffer overflow vulnerability in the MNG image format parser that can leak memory contents into out...
Jul 14, 2025: A stack overflow vulnerability in ImageMagick's mogrify command allows attackers to crash the application or potentially execute arbitrary code by pro...
Jul 14, 2025: ImageMagick versions before 7.1.2-0 contain an infinite loop vulnerability when processing XMP files during conversion. This can cause denial of servi...
Jul 29, 2024: CVE-2024-41817 is a path injection vulnerability in ImageMagick's AppImage version where empty paths in MAGICK_CONFIGURE_PATH and LD_LIBRARY_PATH envi...
Aug 22, 2023: A memory leak vulnerability in ImageMagick allows remote attackers to cause denial of service by triggering the 'identify -help' command. This affects...
Aug 22, 2023: This vulnerability in ImageMagick allows attackers to cause a denial of service (DoS) or potentially execute arbitrary code via a division by zero err...
May 30, 2023: CVE-2023-34152 is a critical remote code execution vulnerability in ImageMagick's OpenBlob function when compiled with --enable-pipes configuration. A...
Jun 16, 2022: CVE-2022-32545 is an integer overflow vulnerability in ImageMagick's PSD file parser. When processing specially crafted or untrusted PSD files, i...
Jun 16, 2022: This CVE is an alignment vulnerability in ImageMagick's property.c file where misaligned memory access for double and float types can cause undefined ...
Feb 24, 2022: This heap-based buffer overflow vulnerability in ImageMagick's TIFF image processing allows attackers to crash applications or potentially execute arb...
May 11, 2021: This CVE describes a division-by-zero vulnerability in ImageMagick's ConvertXYZToJzazbz() function in MagickCore/colorspace.c, which can be triggered ...
May 11, 2021: This CVE describes an integer overflow vulnerability in ImageMagick's thumbnail generation function. Attackers can craft malicious image files that tr...

Why Monitor ImageMagick Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 44+ known vulnerabilities affecting ImageMagick products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable ImageMagick packages in under 60 seconds. No agents are required; scanning is completely agentless and works across ImageMagick deployments.
Free vulnerability database: Access detailed information about every ImageMagick CVE, including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.