| 0 |
| url |
VCID-1dkp-eq4m-kuey |
| vulnerability_id |
VCID-1dkp-eq4m-kuey |
| summary |
ImageMagick: Integer overflow in DIB coder can result in out of bounds read or write
An integer overflow in DIB coder can result in out of bounds read or write |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-28693, GHSA-hffp-q43q-qq76
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1dkp-eq4m-kuey |
|
| 1 |
| url |
VCID-4hmq-1sx8-skcj |
| vulnerability_id |
VCID-4hmq-1sx8-skcj |
| summary |
ImageMagick has heap buffer overflow in WriteXWDImage due to CARD32 arithmetic overflow in bytes_per_line calculation
A 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing a extremely large image an out of bounds heap write can occur.
```
=================================================================
==741961==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5020000083dc at pc 0x56553b4c4245 bp 0x7ffd9d20fef0 sp 0x7ffd9d20fee0
WRITE of size 1 at 0x5020000083dc thread T0
``` |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-30937, GHSA-qpg4-j99f-8xcg
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4hmq-1sx8-skcj |
|
| 2 |
| url |
VCID-9fpb-ch9j-8yg3 |
| vulnerability_id |
VCID-9fpb-ch9j-8yg3 |
| summary |
ImageMagick has Heap Use-After-Free in ImageMagick MSL decoder
A heap use-after-free vulnerability in ImageMagick's MSL decoder allows an attacker to trigger access to freed memory by crafting an MSL file.
```
=================================================================
==1500633==ERROR: AddressSanitizer: heap-use-after-free on address 0x527000011550 at pc 0x5612583fa212 bp 0x7ffedb86d160 sp 0x7ffedb86d150
READ of size 8 at 0x527000011550 thread T0
``` |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-28687, GHSA-fpvf-frm6-625q
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9fpb-ch9j-8yg3 |
|
| 3 |
| url |
VCID-cnvc-vfa2-z3fq |
| vulnerability_id |
VCID-cnvc-vfa2-z3fq |
| summary |
ImageMagick has Heap Buffer Over-Read in BilateralBlurImage
BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the `-bilateral-blur` operation an out of bounds read can occur.
```
=================================================================
==676172==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x50a0000079c0 at pc 0x57b483c722f7 bp 0x7fffc0acd380 sp 0x7fffc0acd370
READ of size 4 at 0x50a0000079c0 thread T0
``` |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-30935, GHSA-cqw9-w2m7-r2m2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cnvc-vfa2-z3fq |
|
| 4 |
| url |
VCID-e59v-wtp4-v7ev |
| vulnerability_id |
VCID-e59v-wtp4-v7ev |
| summary |
ImageMagick: Write heap-buffer-overflow in PCL encoder via undersized output buffer
A heap-buffer-overflow vulnerability exists in the PCL encode due to an undersized output buffer allocation.
```
WRITE of size 1 at 0x7e79f91f31a0 thread T0
``` |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-28686, GHSA-467j-76j7-5885
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e59v-wtp4-v7ev |
|
| 5 |
| url |
VCID-nfr9-r9x3-4ugt |
| vulnerability_id |
VCID-nfr9-r9x3-4ugt |
| summary |
ImageMagick has a heap buffer over-read via 32-bit integer overflow in MAT decoder
In MAT decoder uses 32-bit arithmetic due to incorrect parenthesization resulting in a heap over-read.
```
=================================================================
==969652==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x506000003b40 at pc 0x555557b2a926 bp 0x7fffffff4c80 sp 0x7fffffff4c70
READ of size 8 at 0x506000003b40 thread T0
``` |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-28692, GHSA-mrmj-x24c-wwcv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nfr9-r9x3-4ugt |
|
| 6 |
| url |
VCID-nxzm-r956-pbfy |
| vulnerability_id |
VCID-nxzm-r956-pbfy |
| summary |
ImageMagick has Integer Overflow leading to out of bounds write in SIXEL decoder
An integer overflow vulnerability exists in the SIXEL decoer. The vulnerability allows an attacker to perform an out of bounds via a specially crafted mage. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-28493, GHSA-r39q-jr8h-gcq2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nxzm-r956-pbfy |
|
| 7 |
| url |
VCID-qrsw-ekum-zue2 |
| vulnerability_id |
VCID-qrsw-ekum-zue2 |
| summary |
ImageMagick has heap-based buffer overflow in UHDR encoder
A heap-based buffer overflow in the UHDR encoder can happen due to truncation of a value and it would allow an out of bounds write.
```
================================================================
==2158399==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x521000039500 at pc 0x562a4a42f968 bp 0x7ffcca4ed6c0 sp 0x7ffcca4ed6b0
WRITE of size 1 at 0x521000039500 thread T0
``` |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-30931, GHSA-h95r-c8c7-mrwx
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qrsw-ekum-zue2 |
|
| 8 |
| url |
VCID-s9q4-zzzf-e7gt |
| vulnerability_id |
VCID-s9q4-zzzf-e7gt |
| summary |
ImageMagick has Heap Buffer Overflow in WaveletDenoiseImage
A crafted image could cause an out of bounds heap write inside the WaveletDenoiseImage method. When processing a crafted image with the -wavelet-denoise operation an out of bounds write can occur.
```
=================================================================
==661320==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x503000002754 at pc 0x5ff45f82c92a bp 0x7fffb732b400 sp 0x7fffb732b3f0
WRITE of size 4 at 0x503000002754 thread T0
``` |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-30936, GHSA-5ggv-92r5-cp4p
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s9q4-zzzf-e7gt |
|
| 9 |
| url |
VCID-t7w8-fz8u-zud8 |
| vulnerability_id |
VCID-t7w8-fz8u-zud8 |
| summary |
ImageMagick has stack buffer overflow in MagnifyImage
MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-30929, GHSA-rqq8-jh93-f4vg
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t7w8-fz8u-zud8 |
|
| 10 |
| url |
VCID-vk9r-ve4j-w7g2 |
| vulnerability_id |
VCID-vk9r-ve4j-w7g2 |
| summary |
ImageMagick is vulnerable to heap buffer over-write on 32-bit systems in SFW decoder
An overflow on 32-bit systems can cause a crash in the SFW decoder when processing extremely large images. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-31853, GHSA-56jp-jfqg-f8f4
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vk9r-ve4j-w7g2 |
|
| 11 |
|
| 12 |
| url |
VCID-x85h-m4tr-ykha |
| vulnerability_id |
VCID-x85h-m4tr-ykha |
| summary |
ImageMagick vulnerable to stack corruption through long morphology kernel names or arrays
A stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copied into fixed-size stack buffers via memcpy without bounds checking, resulting in stack corruption. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-28494, GHSA-932h-jw47-73jm
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x85h-m4tr-ykha |
|
| 13 |
| url |
VCID-xuxk-mcdm-q3fr |
| vulnerability_id |
VCID-xuxk-mcdm-q3fr |
| summary |
ImageMagick is vulnerable to Heap Overflow when writing extremely large image profile in the PNG encoder
An extremely large image profile could result in a heap overflow when encoding a PNG image. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-30883, GHSA-qmw5-2p58-xvrc
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xuxk-mcdm-q3fr |
|
| 14 |
| url |
VCID-zt1v-dckb-gbh3 |
| vulnerability_id |
VCID-zt1v-dckb-gbh3 |
| summary |
ImageMagick has uninitialized pointer dereference in JBIG decoder
An uninitialized pointer dereference vulnerability exists in the JBIG decoder due to a missing check. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-28691, GHSA-wj8w-pjxf-9g4f
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zt1v-dckb-gbh3 |
|