13 matches found
EUVD-2026-36185
ImageMagick: Policy Bypass can read disallowed files via symlink...
EUVD-2026-36183
ImageMagick has a Heap Buffer Over-Write in MAT decoder on 32-bit systems...
SUSE CVE-2026-45359
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in a heap buffer over-read when performing the connected components operation. This issue has been...
CVE-2026-46522
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a missing check in the MIFF decoder, a crafted file could cause an infinite loop resulting in CPU exhaustion. Versions 7.1.2.23 and 6.9.13-48 fix the iss...
CVE-2026-49219 ImageMagick: Policy Bypass can read disallowed files
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, an incorrect parsing of the filename can result in a policy bypass and read files disallowed by a security policy using a symlink. This issue has been patched i...
CVE-2026-49219
Technical details are not publicly available in the provided documents. Monitor for updates.
EUVD-2026-36177
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, the distributed pixel cache was originally designed to operate without a challenge–response authentication model. This has been changed in versions 6.9.13-48 an...
CVE-2026-47165
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, the distributed pixel cache was originally designed to operate without a challenge–response authentication model. This has been changed in versions 6.9.13-48 an...
CVE-2026-46692 ImageMagick: Heap Buffer Over-Write in distributed pixel cache server
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-write in the server process. This issue has been patched in...
EUVD-2026-36174
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-write in the server process. This issue has been patched in...
CVE-2026-46559
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an incorrect check in the JP2 will result in an heap buffer over-write of a single byte when specifying certain options. This issue has been patched in versions...
CVE-2026-46523
CVE-2026-46523 is a use-after-free in ImageMagick’s MSL image handling. A crafted MSL image can trigger a heap-use-after-free, affecting versions prior to 7.1.2.23 and 6.9.13-48. The issue is fixed in 7.1.2.23 and 6.9.13-48. If you rely on ImageMagick, upgrade to one of the fixed releases to reme...
PT-2026-48565
Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 6.9.13-48 ImageMagick versions prior to 7.1.2-24 Description A missing check of a return value in the MAT decoder on 32-bit systems can lead to a heap buffer over-write. A heap buffer over-write occurs when a...