ImageMagick

ImageMagick 7.1.2-8 CLAHEImage UOOB DoS
CVE-2025-62594 4.7 - Medium - October 27, 2025

ImageMagick is a software suite to create, edit, compose, or convert bitmap images. ImageMagick versions prior to 7.1.2-8 are vulnerable to denial-of-service due to unsigned integer underflow and division-by-zero in the CLAHEImage function. When tile width or height is zero, unsigned underflow occurs in pointer arithmetic, leading to out-of-bounds memory access, and division-by-zero causes immediate crashes. This issue has been patched in version 7.1.2-8.

Buffer Overflow

ImageMagick BMP Decoder Integer Overflow on 32bit < v7.1.2-7/6.9.13-32
CVE-2025-62171 5.9 - Medium - October 17, 2025

ImageMagick is an open source software suite for displaying, converting, and editing raster image files. In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32, an integer overflow vulnerability exists in the BMP decoder on 32-bit systems. The vulnerability occurs in coders/bmp.c when calculating the extent value by multiplying image columns by bits per pixel. On 32-bit systems with size_t of 4 bytes, a malicious BMP file with specific dimensions can cause this multiplication to overflow and wrap to zero. The overflow check added to address CVE-2025-57803 is placed after the overflow occurs, making it ineffective. A specially crafted 58-byte BMP file with width set to 536,870,912 and 32 bits per pixel can trigger this overflow, causing the bytes_per_line calculation to become zero. This vulnerability only affects 32-bit builds of ImageMagick where default resource limits for width, height, and area have been manually increased beyond their defaults. 64-bit systems with size_t of 8 bytes are not vulnerable, and systems using default ImageMagick resource limits are not vulnerable. The vulnerability is fixed in versions 7.1.2-7 and 6.9.13-32.

Integer Overflow or Wraparound

Memory Corruption in ImageMagick Img Enc (CVE-2025-47327)
CVE-2025-47327 7.8 - High - September 24, 2025

Memory corruption while encoding the image data.

Dangling pointer

ImageMagick <14.8.2 SeekBlob/WriteBlob Heap Write (CVE-2025-57807)
CVE-2025-57807 3.8 - Low - September 05, 2025

ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2 arithmetic wrap, external delegates, or policy settings are required. This is fixed in version 14.8.2.

Memory Corruption

ImageMagick BMP Encoder 32bit Integer Overflow (6.9.1327 & 7.1.21)
CVE-2025-57803 7.5 - High - August 26, 2025

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2 for ImageMagick's 32-bit build, a 32-bit integer overflow in the BMP encoders scanline-stride computation collapses bytes_per_line (stride) to a tiny value while the per-row writer still emits 3 × width bytes for 24-bpp images. The row base pointer advances using the (overflowed) stride, so the first row immediately writes past its slot and into adjacent heap memory with attacker-controlled bytes. This is a classic, powerful primitive for heap corruption in common auto-convert pipelines. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.

Heap-based Buffer Overflow

ImageMagick Format String Bug in InterpretImageFilename (before 6.9.13-28/7.1.2-2)
CVE-2025-55298 7.5 - High - August 26, 2025

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code execution. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.

Write-what-where Condition

ImageMagick pre-6.9.13-28/7.1.2-2 DoS via ':' geometry string in montage
CVE-2025-55212 3.7 - Low - August 26, 2025

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string containing only a colon (":") to montage -geometry leads GetGeometry() to set width/height to 0. Later, ThumbnailImage() divides by these zero dimensions, triggering a crash (SIGFPE/abort), resulting in a denial of service. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.

Divide By Zero

ImageMagick <7.1.2-1 Heap Buffer Overflow in ReadOneMNGIMage
CVE-2025-55004 4.3 - Medium - August 13, 2025

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in ReadOneMNGIMage. This can likely be used to leak subsequent memory contents into the output image. This issue has been patched in version 7.1.2-1.

ImageMagick 7.1.2-1 Memory Corruption via logmap buffer overflow
CVE-2025-55005 - August 13, 2025

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is larger than 1024. This leads to corrupting memory beyond the end of the allocated logmap buffer. This issue has been patched in version 7.1.2-1.

ImageMagick <6.9.13-27 PNG Overflow
CVE-2025-55154 8.8 - High - August 13, 2025

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are unsafe and can overflow, leading to memory corruption. This issue has been patched in versions 6.9.13-27 and 7.1.2-1.

Integer Overflow or Wraparound

ImageMagick DoS via U.B. in Splay Tree Clone (before 6.9.13-27/7.1.2-1)
CVE-2025-55160 5.3 - Medium - August 13, 2025

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in splay tree cloning callback. This results in a deterministic abort under UBSan (DoS in sanitizer builds), with no crash in a non-sanitized build. This issue has been patched in versions 6.9.13-27 and 7.1.2-1.

Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

ImageMagick <7.1.2-0: XMP Infinite Line Issue
CVE-2025-53015 - July 14, 2025

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion command. Version 7.1.2-0 fixes the issue.

Infinite Loop

ImageMagick memory leak via %d template in magick stream (V<7.1.2-0/V<6.9.13-26)
CVE-2025-53019 3.7 - Low - July 14, 2025

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename template causes a memory leak. Versions 7.1.2-0 and 6.9.13-26 fix the issue.

Out-of-bounds Read

ImageMagick stack overflow via consecutive %d in mogrify (pre-7.1.2-0/6.9.13-26)
CVE-2025-53101 7.4 - High - July 14, 2025

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()`. Versions 7.1.2-0 and 6.9.13-26 fix the issue.

buffer underrun

ImageMagick <7.1.2-0/6.9.13-26: Heap OBF in InterpretImageFilename
CVE-2025-53014 3.7 - Low - July 14, 2025

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs (`%%`). Versions 7.1.2-0 and 6.9.13-26 fix the issue.

Out-of-bounds Read

ImageMagick 7.1.1-43: MIFF Depth Mishandling Post SetQuantumFormat
CVE-2025-43965 - April 23, 2025

In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used.

Arbitrary Code Exec via Empty PATH in ImageMagick AppImage <7.11-36
CVE-2024-41817 7.8 - High - July 29, 2024

ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries in the current working directory while executing `ImageMagick`. The vulnerability is fixed in 7.11-36.

DLL preloading

ImageMagick DoS via Unexpected Input Triggering Assert Crash
CVE-2024-21523 - July 10, 2024

All versions of the package images are vulnerable to Denial of Service (DoS) due to providing unexpected input types to several different functions. This makes it possible to reach an assert macro, leading to a process crash. **Note:** By providing some specific integer values (like 0) to the size function, it is possible to obtain a Segmentation fault error, leading to the process crash.

ImageMagick Stored XSS via Sharpen Resized Images (before 1.1.7)
CVE-2024-34790 - June 03, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hans van Eijsden,niwreg ImageMagick Sharpen Resized Images allows Stored XSS.This issue affects ImageMagick Sharpen Resized Images: from n/a through 1.1.7.

XSS

A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick
CVE-2023-3428 6.2 - Medium - October 04, 2023

A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service.

Heap-based Buffer Overflow

A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22
CVE-2022-48541 - August 22, 2023

A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command.

An issue was discovered with ImageMagick 7.1.0-4
CVE-2021-40211 7.5 - High - August 22, 2023

An issue was discovered with ImageMagick 7.1.0-4 via Division by zero in function ReadEnhMetaFile of coders/emf.c.

Divide By Zero

ImageMagick before 6.9.12-91
CVE-2023-39978 3.3 - Low - August 08, 2023

ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw.

Memory Leak

A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h
CVE-2023-3745 5.5 - Medium - July 24, 2023

A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service.

Out-of-bounds Read

A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c
CVE-2023-34474 5.5 - Medium - June 16, 2023

A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.

Memory Corruption

A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c
CVE-2023-34475 5.5 - Medium - June 16, 2023

A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service.

Dangling pointer

A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c
CVE-2023-3195 5.5 - Medium - June 16, 2023

A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service.

Memory Corruption

A heap-based buffer overflow vulnerability was found in the ImageMagick package
CVE-2023-2157 5.5 - Medium - June 06, 2023

A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing.

Memory Corruption

A vulnerability was found in ImageMagick
CVE-2023-34152 9.8 - Critical - May 30, 2023

A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.

Shell injection

A vulnerability was found in ImageMagick
CVE-2023-34153 7.8 - High - May 30, 2023

A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.

Command Injection

A vulnerability was found in ImageMagick
CVE-2023-34151 5.5 - Medium - May 30, 2023

A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).

Integer Overflow or Wraparound

A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c
CVE-2023-1906 5.5 - Medium - April 12, 2023

A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.

Heap-based Buffer Overflow

A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault
CVE-2023-1289 5.5 - Medium - March 23, 2023

A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.

Improper Input Validation

ImageMagick 7.1.0-49 is vulnerable to Denial of Service
CVE-2022-44267 6.5 - Medium - February 06, 2023

ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.

Improper Resource Shutdown or Release

ImageMagick 7.1.0-49 is vulnerable to Information Disclosure
CVE-2022-44268 6.5 - Medium - February 06, 2023

ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).

A heap buffer overflow issue was found in ImageMagick
CVE-2022-3213 5.5 - Medium - September 19, 2022

A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.

Memory Corruption

A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'
CVE-2022-0284 7.1 - High - August 29, 2022

A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure.

Out-of-bounds Read

A heap-buffer-overflow flaw was found in ImageMagicks PushShortPixel() function of quantum-private.h file
CVE-2022-1115 5.5 - Medium - August 29, 2022

A heap-buffer-overflow flaw was found in ImageMagicks PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.

Memory Corruption

A vulnerability was found in ImageMagick-7.0.11-5
CVE-2021-3574 3.3 - Low - August 26, 2022

A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks.

Memory Leak

An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c
CVE-2021-20224 5.5 - Medium - August 25, 2022

An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to an undefined behaviour or a crash.

Integer Overflow or Wraparound

In ImageMagick
CVE-2022-2719 5.5 - Medium - August 10, 2022

In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30.

assertion failure

In ImageMagick, there is load of misaligned address for type 'double'
CVE-2022-32547 7.8 - High - June 16, 2022

In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.

Incorrect Type Conversion or Cast

A vulnerability was found in ImageMagick
CVE-2022-32545 7.8 - High - June 16, 2022

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.

Integer Overflow or Wraparound

A vulnerability was found in ImageMagick
CVE-2022-32546 7.8 - High - June 16, 2022

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.

Integer Overflow or Wraparound

ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
CVE-2022-28463 7.8 - High - May 08, 2022

ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.

Classic Buffer Overflow

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file
CVE-2022-1114 7.1 - High - April 29, 2022

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.

Dangling pointer

A flaw was found in ImageMagick
CVE-2021-4219 5.5 - Medium - March 23, 2022

A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.

Improper Input Validation

A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c
CVE-2021-3610 7.5 - High - February 24, 2022

A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault.

Memory Corruption

A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c
CVE-2021-3596 6.5 - Medium - February 24, 2022

A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault.

NULL Pointer Dereference

A flaw was found in ImageMagick where it did not properly sanitize certain input before using it to invoke convert processes
CVE-2021-3962 7.8 - High - November 19, 2021

A flaw was found in ImageMagick where it did not properly sanitize certain input before using it to invoke convert processes. This flaw allows an attacker to create a specially crafted image that leads to a use-after-free vulnerability when processed by ImageMagick. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Dangling pointer