By vendor
Imagemagick vulnerabilities
Known CVEs affecting Imagemagick products, prioritized by severity, with SEC.co remediation and detection guidance.
4 published vulnerabilities
- CVE-2026-45359MEDIUM 5.7
ImageMagick, a widely-used image editing library, contains a memory safety flaw in its connected components operation. When the connected-components:keep-top parameter receives an invalid value, the software can read beyond allocated memory boundaries. While the vulnerability requires specific input conditions and local system access, it may allow an attacker to extract sensitive data or crash the application. Versions 6.9.13-48 and 7.1.2-22 patch this issue.
- CVE-2026-45031MEDIUM 5.3
ImageMagick, a widely-used open-source image processing tool, contains a vulnerability in its PSD (Photoshop) file decoder that allows an attacker to circumvent resource limits designed to prevent denial-of-service attacks. By crafting a malicious PSD file, an attacker can cause excessive resource consumption during image decoding, potentially disrupting services that rely on ImageMagick to process untrusted image uploads. The vulnerability affects versions prior to 6.9.13-47 and 7.1.2-22, and patches are now available.
- CVE-2026-45358MEDIUM 5.3
ImageMagick, widely used image processing software, contains an off-by-one error in its meta encoder that allows reading a single byte of memory beyond intended bounds. An unauthenticated attacker can trigger this vulnerability over the network without user interaction, potentially exposing sensitive information from the application's memory. The vulnerability affects ImageMagick versions prior to 6.9.13-47 (legacy branch) and 7.1.2-22 (current branch).
- CVE-2026-42326MEDIUM 5.1
ImageMagick, a widely-used open-source tool for image processing, contains a flaw that allows a specially crafted image file to trigger an out-of-bounds memory read when the application writes IPTC metadata. An attacker who provides a malicious image could cause the software to read one byte of memory it shouldn't access, potentially leaking sensitive information or causing the application to crash. This is a local issue—the attacker must be able to supply the image file to a system running vulnerable ImageMagick.