Cristy

175 exploits Active since Dec 2016
CVE-2026-33899 WRITEUP MEDIUM WRITEUP
ImageMagick: Heap BufferOverflow write of single zero byte when parsing XML
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when `Magick` parses an XML file it is possible that a single zero byte is written out of the bounds. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.
CVSS 5.3
CVE-2026-33900 WRITEUP MEDIUM WRITEUP
ImageMagick has a Heap overflow caused by integer overflow/wraparound in viff encoder on 32-bit builds
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the viff encoder contains an integer truncation/wraparound issue on 32-bit builds that could trigger an out of bounds heap write, potentially causing a crash. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.
CVSS 5.9
CVE-2026-33901 WRITEUP HIGH WRITEUP
ImageMagick has a Heap Buffer Overflow via MVG decoder
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.
CVSS 7.5
CVE-2026-33902 WRITEUP MEDIUM WRITEUP
ImageMagick: Stack Overflow via Recursive FX Expression Parsing
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX expression parser allows an attacker to crash the process by providing a deeply nested expression. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.
CVSS 5.5
CVE-2026-33905 WRITEUP MEDIUM WRITEUP
ImageMagick has an Out-of-Bounds read via -sample operation
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the -sample operation has an out of bounds read when an specific offset is set through the `sample:offset` define that could lead to an out of bounds read. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.
CVSS 5.5
CVE-2026-33908 WRITEUP HIGH WRITEUP
ImageMagick is vulnerable to Stack Overflow in DestroyXMLTree()
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, Magick frees the memory of the XML tree via the `DestroyXMLTree()` function; however, this process is executed recursively with no depth limit imposed. When Magick processes an XML file with deeply nested structures, it will exhaust the stack memory, resulting in a Denial of Service (DoS) attack. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.
CVSS 7.5
CVE-2026-34238 WRITEUP MEDIUM WRITEUP
ImageMagick: Integer overflow in despeckle operation causes heap buffer overflow on 32-bit builds
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, an integer overflow in the despeckle operation causes a heap buffer overflow on 32-bit builds that will result in an out of bounds write. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.
CVSS 5.1
CVE-2026-40169 WRITEUP MEDIUM WRITEUP
ImageMagick: Heap buffer overflow (WRITE) in the YAML and JSON encoders
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out of bounds heap write when writing a yaml or json output, resulting in a crash. This issue has been fixed in version 7.1.2-19.
CVSS 6.2
CVE-2026-40310 WRITEUP MEDIUM WRITEUP
ImageMagick: Heap out-of-bounds write in JP2 encoder
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 and 6.9.13-44, contain a heap out-of-bounds write in the JP2 encoder with when a user specifies an invalid sampling index. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.
CVSS 5.5
CVE-2026-40311 WRITEUP MEDIUM WRITEUP
ImageMagick: Heap-use-after-free via XMP profile could result in a crash when printing values
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.9.13-44 contain a heap use-after-free vulnerability that can cause a crash when reading and printing values from an invalid XMP profile. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.
CVSS 5.5
CVE-2026-40312 WRITEUP MEDIUM WRITEUP
ImageMagick: Off-by-One in MSL decoder could result in crash
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, an off by one error in the MSL decoder could result in a crash when a malicous MSL file is read. This issue has been fixed in version 7.1.2-19.
CVSS 6.2
CVE-2026-27798 WRITEUP MEDIUM WRITEUP
ImageMagick <7.1.2-15/6.9.13-40 - Buffer Overflow
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing an image with small dimension using the `-wavelet-denoise` operator. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
CVSS 4.0
CVE-2026-24484 WRITEUP MEDIUM WRITEUP
ImageMagick <7.1.2-15/6.9.13-40 - DoS
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
CVSS 5.3
CVE-2026-24485 WRITEUP HIGH WRITEUP
ImageMagick <7.1.2-15/6.9.13-40 - DoS
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the Sync marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
CVSS 7.5
CVE-2016-5689 WRITEUP CRITICAL WRITEUP
ImageMagick <6.9.4.5, <7.0.1.7 - Info Disclosure
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.
CVSS 9.8
CVE-2016-5690 WRITEUP CRITICAL WRITEUP
ImageMagick <6.9.4.5, <7.0.1.7 - RCE
The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.
CVSS 9.8
CVE-2016-5691 WRITEUP CRITICAL WRITEUP
ImageMagick <6.9.4.5 & <7.0.1.7 - Info Disclosure
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.
CVSS 9.8
CVE-2016-7513 WRITEUP MEDIUM WRITEUP
Imagemagick < 6.9.4-0 - Numeric Error
Off-by-one error in magick/cache.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors.
CVSS 6.5
CVE-2016-7520 WRITEUP MEDIUM WRITEUP
Imagemagick < 6.9.4-0 - Out-of-Bounds Read
Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted HDR file.
CVSS 6.5
CVE-2016-7524 WRITEUP MEDIUM WRITEUP
Imagemagick < 6.9.4-0 - Out-of-Bounds Read
coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVSS 6.5
CVE-2016-7527 WRITEUP MEDIUM WRITEUP
Imagemagick < 6.9.4-0 - Out-of-Bounds Read
coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVSS 6.5
CVE-2016-7528 WRITEUP MEDIUM WRITEUP
Imagemagick < 6.9.4-0 - Out-of-Bounds Read
The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file.
CVSS 6.5
CVE-2016-7529 WRITEUP MEDIUM WRITEUP
Imagemagick < 6.9.4-0 - Out-of-Bounds Read
coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file.
CVSS 6.5
CVE-2016-7530 WRITEUP MEDIUM WRITEUP
Imagemagick < 6.9.4-0 - Divide By Zero
The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file.
CVSS 6.5
CVE-2016-7533 WRITEUP MEDIUM WRITEUP
Imagemagick < 6.9.4-0 - Out-of-Bounds Read
The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WPG file.
CVSS 6.5