CVE-2026-48733

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, an infinite loop in the subimage-search operation can happen when using a crafted image. This issue has been patched in versions 6.9.13-49 and 7.1.2-24...

CVE-2026-46559

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an incorrect check in the JP2 will result in an heap buffer over-write of a single byte when specifying certain options. This issue has been patched in versions...

CVE-2026-48733

ImageMagick suffers an infinite loop in subimage-search when processing a crafted image, potentially causing a denial of service. The vulnerability affects 6.9.13-49 and 7.1.2-24 before the patch; patched versions are 6.9.13-49 and 7.1.2-24. Attack vector is local with user interaction required; ...

CVE-2026-48733

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, an infinite loop in the subimage-search operation can happen when using a crafted image. This issue has been patched in versions 6.9.13-49 and 7.1.2-24...

CVE-2026-47166

Summary (CVE-2026-47166) ImageMagick’s distributed pixel cache server is vulnerable to a heap buffer over-read when a privileged, local attacker can connect to the magick -distribute-cache service. This flaw could lead to information disclosure (and potential DoS) in affected server processes. Th...

CVE-2026-47165 ImageMagick: Information Disclosure in distributed pixel cache server because it is not using a challenge–response authentication model

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, the distributed pixel cache was originally designed to operate without a challenge–response authentication model. This has been changed in versions 6.9.13-48 an...

CVE-2026-47165

ImageMagick CVE-2026-47165 (and CVE-2026-47166) affect versions prior to 6.9.13-48 and 7.1.2-23 where the distributed pixel cache lacked a challenge–response authentication model, enabling local attackers with high privileges to access sensitive pixel data. Additionally, CVE-2026-47166 describes ...

CVE-2026-46559

ImageMagick CVE-2026-46559 is a JP2 encoder heap buffer over-write of a single byte triggered by certain options. Affected versions are 6.9.13-47 and earlier and 7.1.2-22 and earlier; patch applied in 6.9.13-48 and 7.1.2-23. This CVE has a CVSSv3.1 base score of 4.0 (Medium), with LOCAL attack ve...

CVE-2026-45624

CVE-2026-45624 affects ImageMagick; in versions prior to 6.9.13-47 and 7.1.2-22, a polynomial distortion can trigger an out-of-bounds over-read of 24 bytes when using specific arguments. The issue is a root-cause in the distortion implementation and can lead to information disclosure via a memory...

EUVD-2026-36161

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when performing a polynomial distortion an out of bounds over-read of 24 bytes can occur when specifying specific arguments. This issue has been patched in...

PT-2026-48567

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, an incorrect parsing of the filename can result in a policy bypass and read files disallowed by a security policy using a symlink. This issue has been patched i...

PT-2026-48564

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, a crafted MVG file could result in a stack overflow due to a missing depth or visited-set check. This issue has been patched in versions 6.9.13-49 and 7.1.2-24...

PT-2026-48563

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, an infinite loop in the subimage-search operation can happen when using a crafted image. This issue has been patched in versions 6.9.13-49 and 7.1.2-24...

Medium: ImageMagick

Issue Overview: ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue ha...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-015458)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015458 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-015466)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015466 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's magick...

EUVD-2026-22116

ImageMagick has a heap out-of-bounds write in JP2 encoder...

EUVD-2026-22106

ImageMagick has a Stack Overflow via Recursive FX Expression Parsing...

Linux Distros Unpatched Vulnerability : CVE-2026-33902

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow...

CVE-2026-40311

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.9.13-44 contain a heap use-after-free vulnerability that can cause a crash when reading and printing values from an invalid XMP profile. This issue has been fixed in versio...