EUVD-2026-36191

ImageMagick: Memory Leak in wand option parser when providing invalid arguments...

CVE-2026-45358

A flaw was found in ImageMagick, a free and open-source software for editing and manipulating digital images. A remote attacker could exploit an off-by-one error in the meta encoder to read a single byte outside of allocated memory. This out-of-bounds read could lead to the disclosure of sensitiv...

CVE-2026-56367

A vulnerability in the ImageMagick image processing tool could allow an attacker to crash the application or access sensitive information by uploading a maliciously crafted Photoshop PSB file. Mitigation To reduce the risk, avoid processing untrusted PSB Photoshop Big files with ImageMagick...

EUVD-2026-36188

ImageMagick has out-of-bounds write in ICON decoder due to incorrect loop...

EUVD-2026-36180

ImageMagick has an Infinite Loop in subimage-search with crafted image...

EUVD-2026-36179

ImageMagick has a Heap Buffer Underwrite in the Floyd-Steinberg depth dithering method...

Linux Distros Unpatched Vulnerability : CVE-2026-56368

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick before 7.1.2-15 contains a memory leak vulnerability in multiple coders that write raw pixel data where allocated objects are not properly freed...

CVE-2026-56370

ImageMagick before 7.1.2-19 contains an out-of-bounds access vulnerability in ConnectedComponentsImage when processing connected-components artifacts with invalid indices. Attackers can trigger access violations by specifying malformed connected-components definitions via CLI, causing denial of...

CVE-2026-56368

CVE-2026-56368 affects ImageMagick prior to 7.1.2-15. A memory-leak in multiple coders that write raw pixel data leads to allocated objects not being freed, enabling memory exhaustion and denial of service when processing specially crafted images. The vulnerability is described consistently acros...

CVE-2026-56379

A flaw was found in ImageMagick. This command injection vulnerability in the SVG Scalable Vector Graphics decoder allows a remote attacker to craft malicious SVG files. When these files are processed, the injected Magick Vector Graphics MVG commands can execute, potentially leading to arbitrary...

CVE-2026-56371

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is process...

CVE-2026-56379

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbitrary MVG drawing commands. Attackers can craft malicious SVG files with injected Magick Vector Graphics commands that execute during rendering...

CVE-2026-56376

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-free in the meta coder: when memory allocation fails, a single byte is written to a stale pointer. Remote attackers can trigger it by processing specially crafted image files, causing a denial of service...

CVE-2026-56379 ImageMagick - Command Injection via SVG Decoder

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbitrary MVG drawing commands. Attackers can craft malicious SVG files with injected Magick Vector Graphics commands that execute during rendering...

EUVD-2026-38441

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbitrary MVG drawing commands. Attackers can craft malicious SVG files with injected Magick Vector Graphics commands that execute during rendering...

CVE-2026-56379

CVE-2026-56379 affects ImageMagick’s SVG decoder, with versions prior to 7.1.2-15 and 6.9.13-40 vulnerable to command injection via injected MVG commands in crafted SVG files. During rendering, attackers could trigger execution of arbitrary MVG commands, potentially leading to arbitrary code exec...

CVE-2026-56376 ImageMagick - Heap Use-After-Free in Meta Coder

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-free in the meta coder: when memory allocation fails, a single byte is written to a stale pointer. Remote attackers can trigger it by processing specially crafted image files, causing a denial of service...

EUVD-2026-38440

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-free in the meta coder: when memory allocation fails, a single byte is written to a stale pointer. Remote attackers can trigger it by processing specially crafted image files, causing a denial of service...

CVE-2026-56376

Affected software: ImageMagick prior to 7.1.2-15 and 6.9.13-40. Vulnerability: heap use-after-free in the meta coder where, on memory allocation failure, a single byte is written to a stale pointer. Impact: remote attackers can trigger via specially crafted image files, causing a denial of servic...

CVE-2026-56371

ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 are affected by a memory leak in the txt coder when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released if GetTypeMetrics fails, leaking memory per crafted TXT file and enabling potential DoS...