Versions
imagemagick 6.9.12-34, imagemagick 7.1.0-19
ImageMagick6 v6.9.12-43, ImageMagick7 v7.1.0-28
7.1.1-10
ImageMagick 6.9.10-69
prior to 6.9.10-69
ImageMagick 7.0.10-31
ImageMagick 7.0.9-0
Fixed in ImageMagick 6.9.12-26, ImageMagick 7.1.0-11
ImageMagick 7.0.10-45
Fixed-in ImageMagick v7.1.1-0
prior to 7.0.8-68
7.1.0-14
ImageMagick 6.9.11-62, ImageMagick 7.0.10-62
Fixed in ImageMagick6 v6.9.12-44, ImageMagick7 v7.1.0-29
prior to 7.0.9-0
Fixed in ImageMagick 6.9.12-43, ImageMagick 7.1.0-28
prior to 7.0.8-69
ImageMagick 7.0.11
Fixed in ImageMagick v6.9.12-84, v 7.1.1-6.
Fixed in ImageMagick-7.1.0-20
ImageMagick 7.0.11-14
ImageMagick versions before 7.0.9-0
ImageMagick 7.0.10-62
ImageMagick 7.1.1-9
prior to 6.9.10-68
Fixed in ImageMagick 6.9.12-44, ImageMagick 7.1.0-29
Fixed in ImageMagick-7.0.11-8, ImageMagick-6.9.12-8
ImageMagick 7.0.8-69
ImageMagick versions before 7.1.0-30
Fixed in ImageMagick-7.0.10-57, ImageMagick6-6.9.11-57
Fixed in ImageMagick 7.1.0-47, ImageMagick 6.9.12-62
ImageMagick prior to 7.0.9-0
Fixed in ImageMagick 6.9.12-45, ImageMagick 7.1.0-30
ImageMagick 7.0.8-68
ImageMagick-6.7
6.9.11-57, 7.0.10-57
Recent CVEs
CVE-2023-34475
A heap use-after-free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick a user into opening a specially crafted file with convert, triggering a heap-use-after-free write error that crashes the application, resulting in a denial of service.
CVE-2023-3195
A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service.
CVE-2023-34474
A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user into opening a specially crafted file, triggering an out-of-bounds read error that crashes the application, resulting in a denial of service.
CVE-2023-2157
A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing.
CVE-2023-34152
A vulnerability was found in ImageMagick. This security flaw causes a remote code execution vulnerability in OpenBlob when ImageMagick is configured with --enable-pipes.
CVE-2023-34151
A vulnerability was found in ImageMagick. This security flaw occurs as undefined behavior when casting double to size_t in the svg, mvg and other coders (a recurrence of the bugs in CVE-2022-32546).
CVE-2023-34153
A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.
CVE-2023-1906
A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass a specially crafted file to convert, triggering an out-of-bounds read error that crashes the application, resulting in a denial of service.
CVE-2023-1289
A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.
CVE-2022-3213
A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.