
112 matches found

AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux – Vulnerability in imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the InterpretImageFilename function. The issue arises from an off-by-one error that causes out-of-bounds memory access when...

CVSS 9.8 | AI score 5.8 | EPSS 0.00623
Exploits: 1 | References: 2
OSV
added 2026/04/09 3:32 p.m. | 5 views

CLSA-2026-1775748729 ImageMagick: Fix of 4 CVEs

- CVE-2026-25968: stack buffer overflow in MSL image-processing language via WriteMSLImage recursion
- CVE-2026-25897: out-of-bounds heap write in SUN decoder on 32-bit systems via integer overflow in pixel buffer allocation
- CVE-2025-53014: out-of-bounds read in InterpretImageFilename when...

CVSS 9.8 | AI score 7.2 | EPSS 0.00799
Exploits: 2 | References: 1
OSV
added 2026/03/27 2:3 p.m. | 4 views

OESA-2026-1719 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

CVSS 7.5 | AI score 6.6 | EPSS 0.00475
Exploits: 0 | References: 5
Cvelist
added 2026/03/26 7:57 p.m. | 21 views

CVE-2026-33536 ImageMagick has an Out-of-bounds Write via InterpretImageFilename

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, due to an incorrect return value on certain platforms a pointer is incremented past the end of a buffer that is on the stack and that could result in an out of bounds...

CVSS 5.1 | EPSS 0.00128
Exploits: 0 | References: 1
CVE
added 2026/03/26 7:57 p.m. | 33 views

CVE-2026-33536

Summary: ImageMagick is affected in versions prior to 7.1.2-18 and 6.9.13-43. Due to an incorrect return value on certain platforms, a pointer can be incremented past the end of a stack buffer, resulting in an out-of-bounds write via InterpretImageFilename. The issue is fixed in 7.1.2-18 and 6.9....

CVSS 5.1 | AI score 6 | EPSS 0.00128
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2026/03/26 7:57 p.m. | 1 view

CVE-2026-33536 ImageMagick has an Out-of-bounds Write via InterpretImageFilename

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, due to an incorrect return value on certain platforms a pointer is incremented past the end of a buffer that is on the stack and that could result in an out of bounds...

CVSS 5.1 | AI score 6.1 | EPSS 0.00128
Exploits: 0 | References: 1
EUVD
added 2026/03/26 7:14 p.m. | 3 views

EUVD-2026-16368

ImageMagick has an Out-of-bounds Write via InterpretImageFilename...

CVSS 5.1 | AI score 5.8 | EPSS 0.00128
Exploits: 0 | References: 1
Snyk
added 2026/03/26 7:14 p.m. | 3 views

Out-of-bounds Write

Overview: Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

CVSS 5.9 | AI score 6.4 | EPSS 0.00128
Exploits: 0 | References: 3
Snyk
added 2026/03/26 7:14 p.m. | 6 views

Out-of-bounds Write

Overview: Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

CVSS 5.9 | AI score 6.4 | EPSS 0.00128
Exploits: 0 | References: 3
Snyk
added 2026/03/26 7:14 p.m. | 4 views

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write due to an incorrect return value on certain platforms, which causes a pointer to be incremented past the end of a stack buffer in the InterpretImageFilename function. An attacker can cause a denial of service or...

CVSS 5.9 | AI score 6.4 | EPSS 0.00128
Exploits: 0 | References: 3
OSV
added 2026/03/26 7:14 p.m. | 2 views

GHSA-8793-7XV6-82CF ImageMagick has an Out-of-bounds Write via InterpretImageFilename

Due to an incorrect return value on certain platforms a pointer is incremented past the end of a buffer that is on the stack and that could result in an out of bounds write. ================================================================= ==48558==ERROR: AddressSanitizer: stack-buffer-overflow o...

CVSS 5.1 | AI score 6.1 | EPSS 0.00128
Exploits: 0 | References: 3
Github Security Blog
added 2026/03/26 7:14 p.m. | 7 views

ImageMagick has an Out-of-bounds Write via InterpretImageFilename

Due to an incorrect return value on certain platforms a pointer is incremented past the end of a buffer that is on the stack and that could result in an out of bounds write. ================================================================= ==48558==ERROR: AddressSanitizer: stack-buffer-overflow o...

CVSS 5.1 | AI score 6 | EPSS 0.00128
Exploits: 0 | References: 3 | Affected Software: 17
OSV
added 2026/01/22 6:6 p.m. | 7 views

GHSA-7JXJ-RPX7-PH2C Umbraco.Forms CDN may cache sensitive form uploads when processed by ImageSharp

Impact: Protected files uploaded through Umbraco Forms may be served to unauthenticated users when a CDN or caching layer is present and ImageSharp processes the request. ImageSharp sets aggressive cache headers by default, which can cause intermediary caches to store and serve files that should...

CVSS 3.1 | AI score 5.8
Exploits: 0 | References: 2
Github Security Blog
added 2026/01/22 6:6 p.m. | 9 views

Umbraco.Forms CDN may cache sensitive form uploads when processed by ImageSharp

Impact: Protected files uploaded through Umbraco Forms may be served to unauthenticated users when a CDN or caching layer is present and ImageSharp processes the request. ImageSharp sets aggressive cache headers by default, which can cause intermediary caches to store and serve files that should...

AI score 5.7
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2026/01/14 7:16 p.m. | 4 views

CVE-2026-23497

Frappe Learning Management System LMS is a learning system that helps users structure their content. In 2.44.0 and earlier, there is a stored XSS vulnerability where a specially crafted image filename could execute malicious JavaScript when rendered on course or jobs pages...

CVSS 5.4 | EPSS 0.00142
Exploits: 0 | References: 2
Cvelist
added 2026/01/14 6:25 p.m. | 20 views

CVE-2026-23497 Frappe LMS has a Stored XSS via Unsanitized Image Filename in Course and Jobs Pages

Frappe Learning Management System LMS is a learning system that helps users structure their content. In 2.44.0 and earlier, there is a stored XSS vulnerability where a specially crafted image filename could execute malicious JavaScript when rendered on course or jobs pages...

CVSS 5.3 | EPSS 0.00142
Exploits: 0 | References: 2
CVE
added 2026/01/14 6:25 p.m. | 13 views

CVE-2026-23497

CVE-2026-23497 affects Frappe Learning Management System (LMS) up to and including version 2.44.0, where a stored XSS vulnerability arises from unsanitized image filenames rendered on course and jobs pages. The root cause is image filename handling that allows malicious JavaScript execution. The ...

CVSS 5.4 | AI score 5.8 | EPSS 0.00142
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/01/14 6:25 p.m. | 4 views

CVE-2026-23497 Frappe LMS has a Stored XSS via Unsanitized Image Filename in Course and Jobs Pages

Frappe Learning Management System LMS is a learning system that helps users structure their content. In 2.44.0 and earlier, there is a stored XSS vulnerability where a specially crafted image filename could execute malicious JavaScript when rendered on course or jobs pages...

CVSS 5.3 | AI score 5.8 | EPSS 0.00142
Exploits: 0 | References: 2
EUVD
added 2026/01/14 6:25 p.m. | 5 views

EUVD-2026-2666

Frappe Learning Management System LMS is a learning system that helps users structure their content. In 2.44.0 and earlier, there is a stored XSS vulnerability where a specially crafted image filename could execute malicious JavaScript when rendered on course or jobs pages...

CVSS 5.3 | AI score 5.7 | EPSS 0.00142
Exploits: 0 | References: 2
AstraLinux
added 2025/11/01 10:54 a.m. | 5 views

Astra Linux – Vulnerability in imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, there was a format string bug vulnerability in the InterpretImageFilename function, where user input was directly passed to FormatLocaleString withou...

CVSS 8.8 | AI score 7.7 | EPSS 0.04098
Exploits: 1 | References: 3