EUVD-2026-17716

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a null-pointer dereference NPD in CIccTagLut16::Write can be triggered when processing a crafted ICC profile embedded in a TIFF and extracted during iccTiffDump. This issue has...

USN-8127-1: ImageMagick vulnerabilities

It was discovered that ImageMagick did not properly process certain tags prior to an image being loaded. An attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of service. CVE-2026-23952 It was discovered that ImageMagick did not properly handle temporary...

USN-8127-1 imagemagick vulnerabilities

It was discovered that ImageMagick did not properly process certain tags prior to an image being loaded. An attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of service. CVE-2026-23952 It was discovered that ImageMagick did not properly handle temporary...

SUSE CVE-2026-30883

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an extremely large image profile could result in a heap overflow when encoding a PNG image. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41...

EUVD-2026-10391

ImageMagick is vulnerable to Heap Overflow when writing extremely large image profile in the PNG encoder...

CVE-2026-30883

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an extremely large image profile could result in a heap overflow when encoding a PNG image. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41...

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in the formatIPTC function. An attacker can cause the application to enter an infinite loop and exhaust system resources by supplying a malicious image profile containing invalid IPTC data. Remediation A fix was pushed int...

CVE-2025-41087

Cross-Site Scripting XSS vulnerability stored in tha Taclia web application, where the uploaded SVG images are not properly sanitized. This allows to the attackers to embed malicious scripts in SVG files such as image profiles, which are then stored on the server and executed in the context of an...

PT-2025-47899

Cross-Site Scripting XSS vulnerability stored in tha Taclia web application, where the uploaded SVG images are not properly sanitized. This allows to the attackers to embed malicious scripts in SVG files such as image profiles, which are then stored on the server and executed in the context of an...

SUSE CVE-2012-1186

Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service infinite loop via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248...