Imagemagick CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (739 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2016-8866	2 Imagemagick, Opensuse	3 Imagemagick, Leap, Opensuse	2025-04-20	8.8 High
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.
CVE-2016-9298	1 Imagemagick	1 Imagemagick	2025-04-20	N/A
Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c in ImageMagick before 6.9.6-4 and 7.x before 7.0.3-6 allows remote attackers to cause a denial of service (crash) via a crafted image.
CVE-2016-7536	1 Imagemagick	1 Imagemagick	2025-04-20	6.5 Medium
magick/profile.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted profile.
CVE-2016-9559	2 Debian, Imagemagick	2 Debian Linux, Imagemagick	2025-04-20	6.5 Medium
coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.
CVE-2016-9773	1 Imagemagick	1 Imagemagick	2025-04-20	N/A
Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556.
CVE-2014-9915	1 Imagemagick	1 Imagemagick	2025-04-20	N/A
Off-by-one error in ImageMagick before 6.6.0-4 allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM profile.
CVE-2016-7535	1 Imagemagick	1 Imagemagick	2025-04-20	6.5 Medium
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PSD file.
CVE-2017-10928	1 Imagemagick	1 Imagemagick	2025-04-20	N/A
In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c.
CVE-2017-10995	1 Imagemagick	1 Imagemagick	2025-04-20	N/A
The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image.
CVE-2017-11141	1 Imagemagick	1 Imagemagick	2025-04-20	N/A
The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call.
CVE-2014-9848	4 Canonical, Imagemagick, Opensuse and 1 more	10 Ubuntu Linux, Imagemagick, Leap and 7 more	2025-04-20	7.5 High
Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).
CVE-2017-11170	1 Imagemagick	1 Imagemagick	2025-04-20	N/A
The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file.
CVE-2017-11188	1 Imagemagick	1 Imagemagick	2025-04-20	N/A
The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check.
CVE-2017-11310	1 Imagemagick	1 Imagemagick	2025-04-20	N/A
The read_user_chunk_callback function in coders\png.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has memory leak vulnerabilities via crafted PNG files.
CVE-2016-7534	1 Imagemagick	1 Imagemagick	2025-04-20	6.5 Medium
The generic decoder in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted file.
CVE-2017-11360	1 Imagemagick	1 Imagemagick	2025-04-20	N/A
The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge number_pixels value.
CVE-2017-11446	1 Imagemagick	1 Imagemagick	2025-04-20	N/A
The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file.
CVE-2017-11447	1 Imagemagick	1 Imagemagick	2025-04-20	6.5 Medium
The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick before 7.0.6-1 has memory leaks, causing denial of service.
CVE-2017-11448	1 Imagemagick	1 Imagemagick	2025-04-20	6.5 Medium
The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.
CVE-2016-7533	1 Imagemagick	1 Imagemagick	2025-04-20	6.5 Medium
The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WPG file.

« first previous Page 11 of 37. next last »