Imagemagick CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (664 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2016-7525	1 Imagemagick	1 Imagemagick	2025-04-20	6.5 Medium
Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
CVE-2015-8898	2 Imagemagick, Redhat	2 Imagemagick, Enterprise Linux	2025-04-20	N/A
The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file.
CVE-2016-7527	1 Imagemagick	1 Imagemagick	2025-04-20	6.5 Medium
coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVE-2014-9839	1 Imagemagick	1 Imagemagick	2025-04-20	N/A
magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access).
CVE-2016-7528	1 Imagemagick	1 Imagemagick	2025-04-20	6.5 Medium
The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file.
CVE-2017-7942	1 Imagemagick	1 Imagemagick	2025-04-20	N/A
The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.
CVE-2016-7514	1 Imagemagick	1 Imagemagick	2025-04-20	6.5 Medium
The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
CVE-2014-9840	1 Imagemagick	1 Imagemagick	2025-04-20	N/A
ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file.
CVE-2017-14741	1 Imagemagick	1 Imagemagick	2025-04-20	N/A
The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file.
CVE-2017-5507	2 Debian, Imagemagick	2 Debian Linux, Imagemagick	2025-04-20	7.5 High
Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache.
CVE-2017-5509	1 Imagemagick	1 Imagemagick	2025-04-20	7.8 High
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.
CVE-2017-5511	2 Debian, Imagemagick	2 Debian Linux, Imagemagick	2025-04-20	9.8 Critical
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow.
CVE-2017-6497	1 Imagemagick	1 Imagemagick	2025-04-20	N/A
An issue was discovered in ImageMagick 6.9.7. A specially crafted psd file could lead to a NULL pointer dereference (thus, a DoS).
CVE-2017-6498	2 Debian, Imagemagick	2 Debian Linux, Imagemagick	2025-04-20	N/A
An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS.
CVE-2017-6499	2 Debian, Imagemagick	2 Debian Linux, Imagemagick	2025-04-20	N/A
An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS).
CVE-2017-6500	2 Debian, Imagemagick	2 Debian Linux, Imagemagick	2025-04-20	N/A
An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read.
CVE-2017-6501	1 Imagemagick	1 Imagemagick	2025-04-20	N/A
An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file could lead to a NULL pointer dereference.
CVE-2017-6502	1 Imagemagick	1 Imagemagick	2025-04-20	N/A
An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file could lead to a file-descriptor leak in libmagickcore (thus, a DoS).
CVE-2017-7619	1 Imagemagick	1 Imagemagick	2025-04-20	N/A
In ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms. This affects ModulateHSL, ModulateHCL, ModulateHCLp, ModulateHSB, ModulateHSI, ModulateHSV, ModulateHWB, ModulateLCHab, and ModulateLCHuv.
CVE-2017-14739	1 Imagemagick	1 Imagemagick	2025-04-20	N/A
The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors.

« first previous Page 15 of 34. next last »