Astra Linux - уязвимость в imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a potential security issue involving infinite recursion in the MSL Magick Scripting Language command when writing to MSL format. Version 7.1.2-13 addresses this issue...

CVE-2026-40312

A flaw was found in ImageMagick. A remote attacker could exploit an off-by-one error when processing a specially crafted malicious MSL Magick Scripting Language file. This vulnerability could lead to a denial of service DoS by causing the application to crash, making it unavailable to users...

CVE-2026-28688

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap-use-after-free vulnerability exists in the MSL encoder, where a cloned image is destroyed twice. The MSL coder does not support writing MSL so the write...

CVE-2026-28687

A flaw was found in ImageMagick, free and open-source software used for editing and manipulating digital images. A heap use-after-free vulnerability in ImageMagick's MSL Magick Scripting Language decoder allows an attacker to trigger access to freed memory by crafting a malicious MSL file. This c...

CVE-2026-25638

A flaw was found in ImageMagick, a free and open-source software used for editing and manipulating digital images. A remote attacker could exploit this vulnerability by providing a specially crafted image file. This flaw occurs because the WriteMSLImage function in coders/msl.c returns early...

CVE-2026-25971

A flaw was found in ImageMagick, a free and open-source software for editing and manipulating digital images. This vulnerability occurs because ImageMagick fails to check for circular references between two Magick Scripting Language MSL files. A remote attacker could exploit this by providing...

CVE-2026-25983

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it,...

Unchecked Input for Loop Condition

Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

NULL Pointer Dereference

ImageMagick is vulnerable to a NULL pointer dereference vulnerability. The vulnerability is due to improper handling of tags in the MSL Magick Scripting Language parser before images are loaded, which allows an attacker to trigger a denial-of-service DoS condition via assertion failure in debug...

[SECURITY] [DLA 4448-1] imagemagick security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4448-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès January 24, 2026 https://wiki.debian.org/LTS -...

OESA-2026-1246 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

OESA-2026-1245 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

Stack Overflow

ImageMagick is vulnerable to a stack overflow. The vulnerability is due to infinite recursion in the MSL Magick Scripting Language command when writing to MSL format, which allows an attacker to trigger a stack overflow and cause a denial-of-service condition...

CVE-2026-23952

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL Magick Scripting Language parser when processing tags before images are loaded. This can lead to DoS attack due to...

CVE-2026-23952

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL Magick Scripting Language parser when processing tags before images are loaded. This can lead to DoS attack due to...

CVE-2026-23952

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL Magick Scripting Language parser when processing tags before images are loaded. This can lead to DoS attack due to...

CVE-2026-23952 ImageMagick has a NULL pointer dereference in MSL parser via <comment> tag before image load

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL Magick Scripting Language parser when processing tags before images are loaded. This can lead to DoS attack due to...

CVE-2026-23952

ImageMagick has a NULL pointer dereference in the MSL parser when processing tags before any image loads (CVE-2026-23952). Affected: ImageMagick versions 14.10.1 and earlier. Impact: potential DoS through assertion failure (debug builds) or NULL pointer dereference (release). Mitigation: upgrade...

CVE-2026-23952

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL Magick Scripting Language parser when processing tags before images are loaded. This can lead to DoS attack due to...

GHSA-5VX3-WX4Q-6CJ8 ImageMagick has a NULL pointer dereference in MSL parser via <comment> tag before image load

Summary NULL pointer dereference in MSL Magick Scripting Language parser when processing tag before any image is loaded. Version - ImageMagick 7.x tested on current main branch - Commit: HEAD Steps to Reproduce Method 1: Using ImageMagick directly bash magick MSL:poc.msl out.png Method 2: Using...