ImageMagick


Known Exploited ImageMagick Vulnerabilities

The following ImageMagick vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

| Title | Description | CVE | Exploit Probability | Added |
|---|---|---|---|---|
| ImageMagick Improper Input Validation Vulnerability | ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to execute arbitrary code via shell metacharacters in a crafted image. | CVE-2016-3714 | 97.5% | September 9, 2024 |
| ImageMagick Ephemeral Coder Arbitrary File Deletion Vulnerability | The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. | CVE-2016-3715 | 75.4% | November 3, 2021 |
| ImageMagick SSRF Vulnerability | The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. | CVE-2016-3718 | 76.9% | November 3, 2021 |

Of the known exploited vulnerabilities above, 3 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings.

By the Year

In 2026 there have been 100 vulnerabilities in ImageMagick with an average score of 5.9 out of ten. Last year, in 2025, ImageMagick had 22 security vulnerabilities published. That is, 78 more vulnerabilities have already been reported in 2026 as compared to last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.30.




| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 100 | 5.92 |
| 2025 | 22 | 5.62 |
| 2024 | 3 | 7.80 |
| 2023 | 16 | 6.11 |
| 2022 | 15 | 6.54 |
| 2021 | 16 | 4.70 |
| 2020 | 40 | 4.54 |
| 2019 | 64 | 7.06 |
| 2018 | 60 | 7.24 |

It may take a day or so for new ImageMagick vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent ImageMagick Security Vulnerabilities

ImageMagick 7.1.2-25 SF3 Encoder Heap Buffer Overwrite in Prior Versions
CVE-2026-53465 6.2 - Medium - June 10, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, a crafted multi-frame can result in a heap buffer over-write when encoding it with the SF3 encoder. This issue has been patched in version 7.1.2-25.

Heap-based Buffer Overflow

ImageMagick 7.1.2-25 Memory Leak in Wand Option Parser (CVE-2026-53464)
CVE-2026-53464 4 - Medium - June 10, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, when providing invalid options to the wand option parser a small memory leak will occur. This issue has been patched in version 7.1.2-25.

Memory Leak

ImageMagick NPE on Distort op prior to 6.9.13-50/7.1.2-25
CVE-2026-53463 4.3 - Medium - June 10, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when passing incorrect arguments in the distort operation a null pointer dereference will occur. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.

NULL Pointer Dereference

ImageMagick pre-6.9.13-50/7.1.2-25 heap-use-after-free CheckPrimitiveExtent
CVE-2026-53462 5.9 - Medium - June 10, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when an allocation fails in CheckPrimitiveExtent this can result in a heap-use-after-free and result in a crash. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.

Dangling pointer

ImageMagick 7.x ICON Decoder: OOB Heap Write (7.1.2-24)
CVE-2026-53461 7.5 - High - June 10, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, an incorrect loop in the ICON decoder can result in an out of bounds heap write resulting in a crash. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.

Memory Corruption

ImageMagick OOM in AcquireAlignedMemory (pre-6.9.13-50/7.1.2-25)
CVE-2026-53460 7.5 - High - June 10, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, a missing check for maximum memory request in AcquireAlignedMemory could trigger an out-of-memory condition. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.

Allocation of Resources Without Limits or Throttling

ImageMagick 6.9.13-48/7.1.2-24: Filename Parsing Bypass via Symlink Read
CVE-2026-49219 5.5 - Medium - June 10, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, incorrect parsing of the filename can result in a policy bypass, allowing files disallowed by a security policy to be read using a symlink. This issue has been patched in versions 6.9.13-48 and 7.1.2-24.

Directory traversal

Invalid DCM decode in ImageMagick <6.9.13-48 / <7.1.2-24 causes crash
CVE-2026-49218 7.5 - High - June 10, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check in the DCM decoder could result in an image with invalid dimensions, which could cause crashes in other operations. This issue has been patched in versions 6.9.13-48 and 7.1.2-24.

Improper Input Validation

ImageMagick 6.9.13-48/7.1.2-24 MAT Decoder Heap Buffer Overwrite 32bit
CVE-2026-48994 5.9 - Medium - June 10, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check of a return value could lead to a heap buffer over-write in the MAT decoder on 32-bit systems. This issue has been patched in versions 6.9.13-48 and 7.1.2-24.

Heap-based Buffer Overflow

ImageMagick CVE-2026-48734: MVG Stack Overflow Pre v6.9.13-49/7.1.2-24
CVE-2026-48734 5.5 - Medium - June 10, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, a crafted MVG file could result in a stack overflow due to a missing depth or visited-set check. This issue has been patched in versions 6.9.13-49 and 7.1.2-24.

Stack Exhaustion

ImageMagick <6.9.13-49 & <7.1.2-24: Infinite Loop in Subimage-Search
CVE-2026-48733 4.7 - Medium - June 10, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, an infinite loop in the subimage-search operation can happen when using a crafted image. This issue has been patched in versions 6.9.13-49 and 7.1.2-24.

Infinite Loop

ImageMagick <7.1.2-24 Heap Buffer Overwrite via FloydSteinberg Dithering
CVE-2026-48724 5.5 - Medium - June 10, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-24, using the Floyd-Steinberg dithering method on an image with a mask will cause a negative heap buffer over-write. This issue has been patched in version 7.1.2-24.

Memory Corruption

ImageMagick heap buffer over-read via -distribute-cache (pre-6.9.13-48/7.1.2-23)
CVE-2026-47166 5.7 - Medium - June 10, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the server process. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.

Out-of-bounds Read

ImageMagick Pixel Cache Auth Bypass (6.9.13-47, 7.1.2-22)
CVE-2026-47165 4.1 - Medium - June 10, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, the distributed pixel cache was originally designed to operate without a challenge-response authentication model. This has been changed in versions 6.9.13-48 and 7.1.2-23.

Information Disclosure

ImageMagick < 6.9.13-48/7.1.2-23: FD Hijack via race in magick-distribute-cache
CVE-2026-46693 4.1 - Medium - June 10, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race condition is met. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.

Race Condition

ImageMagick 6.9.13-47 Heap Buffer OVR via magick -distribute-cache
CVE-2026-46692 4.1 - Medium - June 10, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-write in the server process. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.

Heap-based Buffer Overflow

ImageMagick <6.9.13-48 & <7.1.2-23: JP2 Buffer Overwrite in Heap
CVE-2026-46559 4 - Medium - June 10, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an incorrect check in the JP2 will result in a heap buffer over-write of a single byte when specifying certain options. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.

off-by-five

ImageMagick FX Stack Overflow via Missing Depth Check (v<7.1.2-23)
CVE-2026-46557 6.2 - Medium - June 10, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-23, due to a missing depth check a stack overflow can occur in the fx operation by passing a crafted argument. This issue has been patched in version 7.1.2-23.

Stack Exhaustion

ImageMagick MIFF LZMA OOB Write Before 6.9.13-48 / 7.1.2-23
CVE-2026-46521 5.5 - Medium - June 10, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.

Incorrect Calculation of Buffer Size

ImageMagick OOB Heap Write via Multi-Image Read Before 6.9.13-48/7.1.2-23
CVE-2026-46520 7.5 - High - June 10, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when reading multiple images with different dimensions an out of bounds heap write can occur. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.

Heap-based Buffer Overflow

ImageMagick <=6.9.13-47,7.1.2-22: MNG Coder Missing Resource Check (CVE-2026-45664)
CVE-2026-45664 5.3 - Medium - June 10, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, because of a missing check in the MNG coder it would be possible to read more images than the list limit policy would allow resulting in excessive resource use. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.

Resource Exhaustion

ImageMagick MIFF decoder infinite loop CPU exhaustion prior to 7.1.2.23/6.9.13-48
CVE-2026-46522 7.5 - High - June 10, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a missing check in the MIFF decoder, a crafted file could cause an infinite loop resulting in CPU exhaustion. Versions 7.1.2.23 and 6.9.13-48 fix the issue.

Resource Exhaustion

ImageMagick 6.9.13-47/7.1.2-22 POF Over-Read in Poly Distortion
CVE-2026-45624 5.1 - Medium - June 10, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when performing a polynomial distortion an out of bounds over-read of 24 bytes can occur when specifying specific arguments. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.

Out-of-bounds Read

ImageMagick <6.9.13-48/7.1.2-22 Heap OVR by conn-comp:keep-top
CVE-2026-45359 5.7 - Medium - June 10, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in a heap buffer over-read when performing the connected components operation. This issue has been patched in versions 6.9.13-48 and 7.1.2-22.

Out-of-bounds Read

ImageMagick <=6.9.13-46 MetEnc OOB Read
CVE-2026-45358 5.3 - Medium - June 10, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, an off by one in the meta encoder could result in an out of bounds read of a single byte in the meta encoder. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.

Out-of-bounds Read

OOB Read in ImageMagick IPTC Output <6.9.13-47, 7.1.2-22
CVE-2026-42326 5.1 - Medium - June 10, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when writing an IPTC output file a malicious input file could cause an out of bounds read of a single byte. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.

Out-of-bounds Read

ImageMagick PSD Decoder Bypass: List-Length Policy before 6.9.13-47/7.1.2-22
CVE-2026-45031 5.3 - Medium - June 10, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, due to a missing check in the PSD decoder it would be possible to bypass the list-length resource policy when decoding a PSD image. Other security limits would still apply. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.

Resource Exhaustion

ImageMagick heap-use-after-free via MSL image (v<7.1.2.23 & <6.9.13-48)
CVE-2026-46523 6.2 - Medium - June 10, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, a crafted MSL image can trigger a heap-use-after-free. Versions 7.1.2.23 and 6.9.13-48 fix the issue.

Dangling pointer

ImageMagick MIFF Overflow in Display Tool (pre 7.1.2-21 / 6.9.13-46)
CVE-2026-42050 5.5 - Medium - May 11, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in the display tool and right-clicks a tile to invoke the Load / Update menu item. This vulnerability is fixed in 7.1.2-21 and 6.9.13-46.

Stack Overflow

ImageMagick <7.1.2-19 MSL Decoder Off-by-One Crash
CVE-2026-40312 6.2 - Medium - April 13, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, an off by one error in the MSL decoder could result in a crash when a malicious MSL file is read. This issue has been fixed in version 7.1.2-19.

off-by-five

ImageMagick HEAP Use-After-Free in XMP Profile Reader (v<6.9.13-44, v<7.1.2-19)
CVE-2026-40311 5.5 - Medium - April 13, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.9.13-44 contain a heap use-after-free vulnerability that can cause a crash when reading and printing values from an invalid XMP profile. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.

Dangling pointer

ImageMagick <6.9.13-44,<7.1.2-19 JP2 Encoder Heap OOB via Invalid Sampling
CVE-2026-40310 5.5 - Medium - April 13, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 and 6.9.13-44 contain a heap out-of-bounds write in the JP2 encoder when a user specifies an invalid sampling index. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.

Heap-based Buffer Overflow

ImageMagick JXL Encoder Heap Write Overflow <7.1.2-19
CVE-2026-40183 5.5 - Medium - April 13, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, the JXL encoder has a heap write overflow when a user specifies that the image should be encoded as 16 bit floats. This issue has been fixed in version 7.1.2-19.

Heap-based Buffer Overflow

ImageMagick <=7.1.2-18 OOB Heap Write via YAML/JSON
CVE-2026-40169 6.2 - Medium - April 13, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out of bounds heap write when writing a yaml or json output, resulting in a crash. This issue has been fixed in version 7.1.2-19.

Heap-based Buffer Overflow

Heap BO via Despeckle Int Overflow (ImageMagick <7.1.2-19/<6.9.13-44)
CVE-2026-34238 5.1 - Medium - April 13, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, an integer overflow in the despeckle operation causes a heap buffer overflow on 32-bit builds that will result in an out of bounds write. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.

Integer Overflow or Wraparound

ImageMagick <7.1.2-19 DoS via Unbounded XMLTree Destruct
CVE-2026-33908 7.5 - High - April 13, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, Magick frees the memory of the XML tree via the `DestroyXMLTree()` function; however, this process is executed recursively with no depth limit imposed. When Magick processes an XML file with deeply nested structures, it will exhaust the stack memory, resulting in a Denial of Service (DoS) attack. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.

Stack Exhaustion

ImageMagick Sample Offset OOB Read pre-7.1.2-19 & pre-6.9.13-44
CVE-2026-33905 5.5 - Medium - April 13, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the -sample operation has an out of bounds read when a specific offset is set through the `sample:offset` define. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.

Out-of-bounds Read

ImageMagick Stack Overflow in FX Parser <7.1.2-19 & <6.9.13-44
CVE-2026-33902 5.5 - Medium - April 13, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX expression parser allows an attacker to crash the process by providing a deeply nested expression. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.

Stack Exhaustion

ImageMagick MVG decoder heap overflow <7.1.2-19 & <6.9.13-44
CVE-2026-33901 7.5 - High - April 13, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.

Heap-based Buffer Overflow

ImageMagick viff encoder OOB heap write on 32bit builds (CVE-2026-33900)
CVE-2026-33900 5.9 - Medium - April 13, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the viff encoder contains an integer truncation/wraparound issue on 32-bit builds that could trigger an out of bounds heap write, potentially causing a crash. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.

Integer Overflow or Wraparound

ImageMagick Magick XML OOB Zero-Byte Write (6.9.13-44,7.1.2-189)
CVE-2026-33899 5.3 - Medium - April 13, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when `Magick` parses an XML file it is possible that a single zero byte is written out of the bounds. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.

Heap-based Buffer Overflow

ImageMagick <=7.1.2-17 stack overflow via incorrect return value
CVE-2026-33536 5.1 - Medium - March 26, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, due to an incorrect return value on certain platforms a pointer is incremented past the end of a buffer that is on the stack and that could result in an out of bounds write. Versions 7.1.2-18 and 6.9.13-43 patch the issue.

Memory Corruption

ImageMagick X11 OOB Write in display() before 7.1.2-18/6.9.13-43
CVE-2026-33535 4 - Medium - March 26, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, an out-of-bounds write of a zero byte exists in the X11 `display` interaction path that could lead to a crash. Versions 7.1.2-18 and 6.9.13-43 patch the issue.

Memory Corruption

ImageMagick NewXMLTree OOB Write Crash before 7.1.2-17 & 6.9.13-42
CVE-2026-32636 5.3 - Medium - March 18, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-17 and 6.9.13-42, the NewXMLTree method contains a bug that could result in a crash due to an out of bounds write of a single zero byte. Versions 7.1.2-17 and 6.9.13-42 fix the issue.

Memory Corruption

ImageMagick <7.1.2-16,6.9.13-41 Sixel Encoder Stack Buffer Overwrite
CVE-2026-32259 6.7 - Medium - March 12, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, when a memory allocation fails in the sixel encoder it would be possible to write past the end of a buffer on the stack. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Stack Overflow

ImageMagick 7.1.2-16/6.9.13-41 SFW Decoder Overflow on 32-Bit
CVE-2026-31853 5.7 - Medium - March 11, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, an overflow on 32-bit systems can cause a crash in the SFW decoder when processing extremely large images. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Heap-based Buffer Overflow

ImageMagick XWD Encoder Overflow (<7.1.2-16, <6.9.13-41)
CVE-2026-30937 6.8 - Medium - March 09, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing an extremely large image an out of bounds heap write can occur. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Heap-based Buffer Overflow

ImageMagick OOB Heap Write in WaveletDenoiseImage <7.1.2-16
CVE-2026-30936 5.5 - Medium - March 09, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a crafted image could cause an out of bounds heap write inside the WaveletDenoiseImage method. When processing a crafted image with the -wavelet-denoise operation an out of bounds write can occur. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Heap-based Buffer Overflow

ImageMagick <7.1.2-16 BilateralBlur Image Heap OOB Read
CVE-2026-30935 4.4 - Medium - March 09, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-16, BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the -bilateral-blur operation an out of bounds read can occur. This vulnerability is fixed in 7.1.2-16.

Out-of-bounds Read

Heap BOV in ImageMagick UHDR Encoder (v<7.1.2-16) - Fixed
CVE-2026-30931 6.8 - Medium - March 09, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-16, a heap-based buffer overflow in the UHDR encoder can happen due to truncation of a value and it would allow an out of bounds write. This vulnerability is fixed in 7.1.2-16.

Heap-based Buffer Overflow
