EUVD-2025-180149

Malicious code in bad-hash-shell-interpret-compress npm...

EUVD-2025-179688

Malicious code in code-interpret-finally-decode-cold npm...

Astra Linux – Vulnerability in imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, there was a format string bug vulnerability in the InterpretImageFilename function, where user input was directly passed to FormatLocaleString withou...

EUVD-2019-18312

Malware in sbrugna...

CLSA-2025-1759782690 Fix CVE(s): CVE-2025-55298

SECURITY UPDATE: format string bug vulnerability in InterpretImageFilename function - debian/patches/CVE-2025-55298.patch: Fix PercentNInvalidOperation and IsValidFormatSpecifier to handle invalid arguments in InterpretImageFilename - CVE-2025-55298...

EUVD-2025-25836

Malicious code in bioql PyPI...

Heap Buffer Overflow

ImageMagick is vulnerable to heap buffer overflow. The vulnerability is due to an off-by-one error in the InterpretImageFilename function when handling format strings with consecutive percent signs %%, which allows an attacker to trigger out-of-bounds memory access...

Important: ImageMagick

Issue Overview: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in...

CLSA-2025-1757409349 Fix CVE(s): CVE-2025-53014

SECURITY UPDATE: heap buffer overflow in InterpretImageFilename function - debian/patches/CVE-2025-53014.patch: fix out of bounds read of a single byte in image file interpretation - CVE-2025-53014...

CVE-2025-55298

ImageMagick vulnerability CVE-2025-55298 is caused by a format string bug in InterpretImageFilename where un-sanitized user input is passed to FormatLocaleString, enabling potential heap overflow or remote code execution due to memory overwrite. Affected releases before patches include ImageMagic...

Use of Externally-Controlled Format String

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

Use of Externally-Controlled Format String

Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

Use of Externally-Controlled Format String

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

Use of Externally-Controlled Format String

Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

Use of Externally-Controlled Format String

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

Use of Externally-Controlled Format String

Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Use of Externally-Controlled Format String

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVE-2025-55298 ImageMagick Format String Bug in InterpretImageFilename leads to arbitrary code execution

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper...

Use of Externally-Controlled Format String

Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Use of Externally-Controlled Format String

Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...