14699 matches found
CVE-2026-61870
A flaw was found in ImageMagick. This vulnerability involves a memory leak within the VIFF encoder, a component responsible for handling image files. An attacker could exploit this by providing specially crafted VIFF images, which would trigger memory allocation failures. This action can exhaust...
CVE-2026-61858
A flaw was found in ImageMagick. This vulnerability allows attackers to bypass configured policy restrictions through the APNG Animated Portable Network Graphics encoding process. By exploiting missing validation checks in the APNG encoder and external delegates, an attacker can write files to...
CVE-2026-61861
A flaw was found in ImageMagick. This use-after-free vulnerability exists in the FormatMagickCaption method. When memory allocation fails, an attacker can trigger a dangling pointer to reference freed memory. This could potentially lead to a denial of service or arbitrary code execution...
CVE-2026-61465
A flaw was found in ImageMagick. This vulnerability occurs because ImageMagick is missing a check for the allowed memory allocation limit during certain image processing operations, such as when using the -canny function. A remote attacker could provide a specially crafted image, causing the...
CVE-2026-61857
A flaw was found in ImageMagick. This vulnerability allows a remote attacker to cause the application to crash. The issue stems from improper handling of XMP Extensible Metadata Platform profiles within image files. By crafting a malicious image with specially designed XMP data, an attacker can...
EUVD-2026-43189
ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory allocation fails. Attackers can trigger allocation failures by processing specially crafted VIFF images to exhaust available memory and cause denial of service...
EUVD-2026-43188
ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory allocation fails. Attackers can trigger memory allocation failures to cause a dangling pointer to reference freed memory, potentially enabling denial of service or code execution...
CVE-2026-61870
CVE-2026-61870 concerns ImageMagick before 7.1.2-26, where a memory leak in the VIFF encoder occurs when memory allocation fails. Processing specially crafted VIFF images can exhaust memory and trigger denial of service. The connected documents provide the affected product/version and the underly...
CVE-2026-61858
ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process...
EUVD-2026-43187
ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process...
CVE-2026-61857
ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious image files with specially crafted XMP data to trigger the vulnerability and cause application crashes...
EUVD-2026-43185
ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed operations such as -canny. An attacker can supply a crafted image that causes ImageMagick to allocate more memory than permitted by the configured policy, resulting in a denial of...
CVE-2026-61857
ImageMagick prior to 7.1.2-26 contains a heap use-after-free vulnerability caused by a missing null check when parsing XMP profiles. Attackers can craft specially crafted XMP data in image files to trigger the issue, potentially causing application crashes. The CVE record and CVE list entries con...
CVE-2026-56372
CVE-2026-56372 affects ImageMagick prior to 7.1.2-19. The vulnerability is a heap buffer overflow in the magnify operation caused by an unrecognized magnify:method value, which can lead to an out-of-bounds read. This may allow exposure of sensitive information or contribute to a denial of service...
ImageMagick-7.1.2.27-1.1 on GA media (moderate)
ImageMagick-7.1.2.27-1.1 on GA media Announcement ID: openSUSE-SU-2026:11228-1 Rating: moderate Cross-References: CVE-2026-53466 CVE-2026-53467 CVE-2026-55510 CVE-2026-55577 CVE-2026-55594 CVE-2026-55595 CVE-2026-55597 CVE-2026-55628 CVE-2026-56361 CVE-2026-56362 CVE-2026-56363 CVE-2026-56364...
CVE-2026-56373
ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses a stale pointer when memory allocation fails. Attackers can trigger this vulnerability by processing malicious PDB files to cause crashes or write a single zero byte to freed memory...
CVE-2026-56373 ImageMagick - Use-After-Free Write in PDB Decoder
ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses a stale pointer when memory allocation fails. Attackers can trigger this vulnerability by processing malicious PDB files to cause crashes or write a single zero byte to freed memory...
CVE-2026-56373
ImageMagick (before 7.1.2-15) contains a use-after-free vulnerability in the PDB decoder that uses a stale pointer when memory allocation fails. Attackers can trigger crashes or write a single zero byte to freed memory by processing malicious PDB files. The issue is caused by a use-after-free in ...
CVE-2026-56366
CVE-2026-56366 affects ImageMagick before 7.1.2-18. The vulnerability is a memory leak in the META reader when processing APP1JPEG input paths, which can be triggered by specially crafted APP1JPEG images and may lead to denial of service via resource exhaustion. Connected sources confirm the affe...
CVE-2026-56366
ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion...