Cristy

204 exploits Active since Dec 2016
CVE-2019-10714 WRITEUP MEDIUM WRITEUP
ImageMagick < 6.9.10-32 - Out-of-bounds Read in LocaleLowercase
LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV.
CVSS 6.5
CVE-2023-3745 WRITEUP MEDIUM WRITEUP
ImageMagick 6.0-6.9-11-0 - Denial of Service via Heap-Based Buffer Overflow in PushCharPixel
A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service.
CVSS 5.5
CVE-2023-3745 WRITEUP MEDIUM WRITEUP
ImageMagick 6.0-6.9-11-0 - Denial of Service via Heap-Based Buffer Overflow in PushCharPixel
A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service.
CVSS 5.5
CVE-2024-41817 WRITEUP HIGH WRITEUP
ImageMagick 7.0.11-13-7.1.1-36 - Uncontrolled Search Path Element via MAGICK_CONFIGURE_PATH and LD_LIBRARY_PATH
ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries in the current working directory while executing `ImageMagick`. The vulnerability is fixed in 7.11-36.
CVSS 7.0
CVE-2026-33899 WRITEUP MEDIUM WRITEUP
ImageMagick: Heap BufferOverflow write of single zero byte when parsing XML
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when `Magick` parses an XML file it is possible that a single zero byte is written out of the bounds. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.
CVSS 5.3
CVE-2026-33900 WRITEUP MEDIUM WRITEUP
ImageMagick VIFF Encoder 32-bit Builds - Heap Overflow
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the viff encoder contains an integer truncation/wraparound issue on 32-bit builds that could trigger an out of bounds heap write, potentially causing a crash. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.
CVSS 5.9
CVE-2026-33901 WRITEUP HIGH WRITEUP
ImageMagick MVG Decoder - Heap Buffer Overflow
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.
CVSS 7.5
CVE-2026-33902 WRITEUP MEDIUM WRITEUP
ImageMagick: Stack Overflow via Recursive FX Expression Parsing
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX expression parser allows an attacker to crash the process by providing a deeply nested expression. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.
CVSS 5.5
CVE-2026-33905 WRITEUP MEDIUM WRITEUP
ImageMagick -sample Operation - Out-of-Bounds Read
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the -sample operation has an out of bounds read when an specific offset is set through the `sample:offset` define that could lead to an out of bounds read. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.
CVSS 5.5
CVE-2026-33908 WRITEUP HIGH WRITEUP
ImageMagick is vulnerable to Stack Overflow in DestroyXMLTree()
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, Magick frees the memory of the XML tree via the `DestroyXMLTree()` function; however, this process is executed recursively with no depth limit imposed. When Magick processes an XML file with deeply nested structures, it will exhaust the stack memory, resulting in a Denial of Service (DoS) attack. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.
CVSS 7.5
CVE-2026-34238 WRITEUP MEDIUM WRITEUP
ImageMagick: Integer overflow in despeckle operation causes heap buffer overflow on 32-bit builds
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, an integer overflow in the despeckle operation causes a heap buffer overflow on 32-bit builds that will result in an out of bounds write. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.
CVSS 5.1
CVE-2026-40169 WRITEUP MEDIUM WRITEUP
ImageMagick: Heap buffer overflow (WRITE) in the YAML and JSON encoders
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out of bounds heap write when writing a yaml or json output, resulting in a crash. This issue has been fixed in version 7.1.2-19.
CVSS 6.2
CVE-2026-40310 WRITEUP MEDIUM WRITEUP
ImageMagick: Heap out-of-bounds write in JP2 encoder
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 and 6.9.13-44, contain a heap out-of-bounds write in the JP2 encoder with when a user specifies an invalid sampling index. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.
CVSS 5.5
CVE-2026-40311 WRITEUP MEDIUM WRITEUP
ImageMagick: Heap-use-after-free via XMP profile could result in a crash when printing values
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.9.13-44 contain a heap use-after-free vulnerability that can cause a crash when reading and printing values from an invalid XMP profile. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.
CVSS 5.5
CVE-2026-40312 WRITEUP MEDIUM WRITEUP
ImageMagick: Off-by-One in MSL decoder could result in crash
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, an off by one error in the MSL decoder could result in a crash when a malicous MSL file is read. This issue has been fixed in version 7.1.2-19.
CVSS 6.2
CVE-2026-27798 WRITEUP MEDIUM WRITEUP
ImageMagick <7.1.2-15/6.9.13-40 - Buffer Overflow
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing an image with small dimension using the `-wavelet-denoise` operator. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
CVSS 4.0
CVE-2026-24484 WRITEUP MEDIUM WRITEUP
ImageMagick <7.1.2-15/6.9.13-40 - DoS
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
CVSS 5.3
CVE-2026-24485 WRITEUP HIGH WRITEUP
ImageMagick <7.1.2-15/6.9.13-40 - DoS
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the Sync marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
CVSS 7.5
CVE-2016-5689 WRITEUP CRITICAL WRITEUP
ImageMagick <6.9.4.5, <7.0.1.7 - Info Disclosure
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.
CVSS 9.8
CVE-2016-5690 WRITEUP CRITICAL WRITEUP
ImageMagick <6.9.4.5, <7.0.1.7 - Remote Code Execution
The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.
CVSS 9.8
CVE-2016-5691 WRITEUP CRITICAL WRITEUP
ImageMagick <6.9.4.5 & <7.0.1.7 - Info Disclosure
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.
CVSS 9.8
CVE-2016-7513 WRITEUP MEDIUM WRITEUP
ImageMagick < 6.9.4-0 - Denial of Service via Off-by-One Error in magick/cache.c
Off-by-one error in magick/cache.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors.
CVSS 6.5
CVE-2016-7520 WRITEUP MEDIUM WRITEUP
ImageMagick < 6.9.4-0 - Heap-Based Buffer Overflow in HDR File Parser
Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted HDR file.
CVSS 6.5
CVE-2016-7524 WRITEUP MEDIUM WRITEUP
ImageMagick < 6.9.4-0 - Denial of Service via Out-of-bounds Read in coders/meta.c
coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVSS 6.5
CVE-2016-7527 WRITEUP MEDIUM WRITEUP
ImageMagick < 6.9.4-0 - Denial of Service via Out-of-bounds Read in WPG Coder
coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVSS 6.5