CLSA-2026-1775121601 ImageMagick: Fix of 7 CVEs

CVE-2026-28494: fix stack buffer overflow in morphology kernel parsing - CVE-2026-28691: fix uninitialized pointer dereference in JBIG decoder - CVE-2026-25989: fix off-by-one boundary check in CastDoubleToLong - CVE-2026-25985: fix memory allocation without limits in SVG decoder -...

CVE-2025-66628

CVE-2025-66628 affects ImageMagick’s TIM image parser (ReadTIMImage in coders/tim.c). In versions up to 7.1.2-9, width/height are read as 16-bit values and image_size = 2 * width * height can overflow on 32-bit systems, causing a small heap allocation and enabling an out-of-bounds read. This is m...

EUVD-2025-202428

ImageMagick is a software suite to create, edit, compose, or convert bitmap images. In versions 7.1.2-9 and prior, the TIM PSX TIM image parser contains a critical integer overflow vulnerability in its ReadTIMImage function coders/tim.c. The code reads width and height 16-bit values from the file...

CVE-2025-66628 ImageMagick is vulnerable to an Integer Overflow in TIM decoder leading to out of bounds read (32-bit only)

ImageMagick is a software suite to create, edit, compose, or convert bitmap images. In versions 7.1.2-9 and prior, the TIM PSX TIM image parser contains a critical integer overflow vulnerability in its ReadTIMImage function coders/tim.c. The code reads width and height 16-bit values from the file...

CVE-2025-66628 ImageMagick is vulnerable to an Integer Overflow in TIM decoder leading to out of bounds read (32-bit only)

ImageMagick is a software suite to create, edit, compose, or convert bitmap images. In versions 7.1.2-9 and prior, the TIM PSX TIM image parser contains a critical integer overflow vulnerability in its ReadTIMImage function coders/tim.c. The code reads width and height 16-bit values from the file...