PatchSiren

ImageMagick CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

NONE ImageMagick CVE published 2026-06-23

CVE-2026-56379

CVE-2026-56379 is a command injection vulnerability in ImageMagick's SVG decoder. Attackers can craft malicious SVG files to execute arbitrary MVG drawing commands during rendering. This vulnerability affects ImageMagick versions before 7.1.2-15 and 6.9.13-40. The vulnerability was publicly disclosed on June 23, 2026, and the details were updated on June 24, 2026. Users of affected ImageMagick versions sh [truncated]

NONE ImageMagick CVE published 2026-06-23

CVE-2026-56371

CVE-2026-56371 is a memory leak vulnerability in ImageMagick when processing TXT files with texture attributes. The vulnerability occurs when the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is processed. This issue affects ImageMagick versions before 7.1.2-15 and 6.9.13-40. The CVE was published on J [truncated]

MEDIUM ImageMagick CVE published 2026-06-21

CVE-2026-56378

CVE-2026-56378 is a medium-severity vulnerability in ImageMagick, a popular image processing library. The vulnerability is caused by a heap out-of-bounds read in the PCD coder's DecodeImage loop, which can be triggered by a crafted PCD file. This can result in a denial of service and potential disclosure of an adjacent heap byte. The vulnerability affects ImageMagick versions before 7.1.2-15 and 6.x befor [truncated]

MEDIUM ImageMagick CVE published 2026-06-10

CVE-2026-53465

CVE-2026-53465 is a medium-severity vulnerability in ImageMagick, a free and open-source software for editing and manipulating digital images. Prior to version 7.1.2-25, a crafted multi-frame can result in a heap buffer over-write when encoding it with the SF3 encoder. This issue has been patched in version 7.1.2-25.

MEDIUM ImageMagick CVE published 2026-06-10

CVE-2026-53464

CVE-2026-53464 is a medium-severity vulnerability in ImageMagick, a free and open-source software for editing and manipulating digital images. The vulnerability occurs when providing invalid options to the wand option parser, resulting in a small memory leak. This issue has been patched in version 7.1.2-25.

MEDIUM ImageMagick CVE published 2026-06-10

CVE-2026-53463

CVE-2026-53463 is a medium-severity vulnerability in ImageMagick, a free and open-source software used for editing and manipulating digital images. The vulnerability occurs when passing incorrect arguments in the distort operation, leading to a null pointer dereference. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.

MEDIUM ImageMagick CVE published 2026-06-10

CVE-2026-53462

CVE-2026-53462 is a medium-severity vulnerability in ImageMagick, a free and open-source software for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when an allocation fails in CheckPrimitiveExtent, this can result in a heap-use-after-free and lead to a crash.

HIGH ImageMagick CVE published 2026-06-10

CVE-2026-53461

CVE-2026-53461 is a HIGH severity vulnerability in ImageMagick, a free and open-source software for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, an incorrect loop in the ICON decoder can cause an out-of-bounds heap write, resulting in a crash. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.

HIGH ImageMagick CVE published 2026-06-10

CVE-2026-53460

CVE-2026-53460 is a HIGH severity vulnerability in ImageMagick, a free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, a missing check for maximum memory request in AcquireAlignedMemory could trigger an out-of-memory condition. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.

MEDIUM ImageMagick CVE published 2026-06-10

CVE-2026-49219

CVE-2026-49219 is a vulnerability in ImageMagick, a free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, incorrect parsing of the filename can result in a policy bypass, allowing files disallowed by a security policy to be read using a symlink. This issue has been patched in versions 6.9.13-48 and 7.1.2-24.

HIGH ImageMagick CVE published 2026-06-10

CVE-2026-49218

CVE-2026-49218 is a HIGH severity vulnerability in ImageMagick, a free and open-source software for editing and manipulating digital images. A missing check in the DCM decoder could result in an image with invalid dimensions, which could cause crashes in other operations. This issue has been patched in versions 6.9.13-48 and 7.1.2-24.

MEDIUM ImageMagick CVE published 2026-06-10

CVE-2026-48994

CVE-2026-48994 is a MEDIUM severity vulnerability in ImageMagick, a free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check of a return value could lead to a heap buffer over-write in the MAT decoder on 32-bit systems. This issue has been patched in versions 6.9.13-48 and 7.1.2-24.

MEDIUM ImageMagick CVE published 2026-06-10

CVE-2026-48734

CVE-2026-48734 is a stack overflow vulnerability in ImageMagick, a free and open-source software for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, a crafted MVG file could result in a stack overflow due to a missing depth or visited-set check. This issue has been patched in versions 6.9.13-49 and 7.1.2-24.

MEDIUM ImageMagick CVE published 2026-06-10

CVE-2026-48733

CVE-2026-48733 is a medium-severity vulnerability in ImageMagick, a free and open-source software for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, an infinite loop in the subimage-search operation can happen when using a crafted image. This issue has been patched in versions 6.9.13-49 and 7.1.2-24.

MEDIUM ImageMagick CVE published 2026-06-10

CVE-2026-48724

CVE-2026-48724 is a MEDIUM severity vulnerability in ImageMagick, a free and open-source software for editing and manipulating digital images. Prior to version 7.1.2-24, using an image with a mask together with the Floyd-Steinberg dithering method causes a negative heap buffer over-write. This issue has been patched in version 7.1.2-24.

MEDIUM ImageMagick CVE published 2026-06-10

CVE-2026-47166

CVE-2026-47166 is a medium-severity vulnerability in ImageMagick, a free and open-source software for editing and manipulating digital images. An attacker who can connect to a `magick -distribute-cache` service can cause a heap buffer over-read in the server process. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.

MEDIUM ImageMagick CVE published 2026-06-10

CVE-2026-47165

CVE-2026-47165 is a medium-severity vulnerability in ImageMagick, a free and open-source software for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, the distributed pixel cache was originally designed to operate without a challenge–response authentication model. This has been changed in versions 6.9.13-48 and 7.1.2-23. The vulnerability has a CVSS score of 4.1 and is cl [truncated]

MEDIUM ImageMagick CVE published 2026-06-10

CVE-2026-46693

CVE-2026-46693 is a medium-severity vulnerability in ImageMagick, a free and open-source software used for editing and manipulating digital images. The vulnerability has a CVSS score of 4.1. An attacker who can connect to a `magick -distribute-cache` service can hijack a file descriptor in the server process when a race condition is met. This issue has been patched in [truncated]

MEDIUM ImageMagick CVE published 2026-06-10

CVE-2026-46692

CVE-2026-46692 is a medium-severity vulnerability in ImageMagick, a free and open-source software for editing and manipulating digital images. An attacker who can connect to a `magick -distribute-cache` service can cause a heap buffer over-write in the server process. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.

MEDIUM ImageMagick CVE published 2026-06-10

CVE-2026-46559

CVE-2026-46559 is a medium-severity vulnerability in ImageMagick, a free and open-source software for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an incorrect check in the JP2 will result in a heap buffer over-write of a single byte when specifying certain options. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.

MEDIUM ImageMagick CVE published 2026-06-10

CVE-2026-46557

CVE-2026-46557 is a stack overflow vulnerability in ImageMagick, a free and open-source software for editing and manipulating digital images. Prior to version 7.1.2-23, a missing depth check in the fx operation allows an attacker to pass a crafted argument, potentially leading to a stack overflow. This issue has been patched in version 7.1.2-23.

MEDIUM ImageMagick CVE published 2026-06-10

CVE-2026-46521

CVE-2026-46521 is a medium-severity vulnerability in ImageMagick, a free and open-source software for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the MIFF encoder, an out-of-bounds write can occur due to a missing check. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.

MEDIUM ImageMagick CVE published 2026-06-10

CVE-2026-46523

CVE-2026-46523 is a medium-severity vulnerability in ImageMagick, a free and open-source software for editing and manipulating digital images. The vulnerability is caused by a crafted MSL image that can trigger a heap-use-after-free. This issue was fixed in versions 7.1.2-23 and 6.9.13-48.

HIGH ImageMagick CVE published 2026-06-10

CVE-2026-46522

CVE-2026-46522 is a high-severity vulnerability in ImageMagick, a free and open-source software for editing and manipulating digital images. The vulnerability, caused by a missing check in the MIFF decoder, allows a crafted file to cause an infinite loop, resulting in CPU exhaustion. This vulnerability has a CVSS score of 7.5 and is considered HIGH severity. The affected versions of ImageMagick are prior [truncated]

HIGH ImageMagick CVE published 2026-06-10

CVE-2026-46520

CVE-2026-46520 is a HIGH severity vulnerability in ImageMagick, a free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when reading multiple images with different dimensions, an out-of-bounds heap write can occur. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.

MEDIUM ImageMagick CVE published 2026-06-10

CVE-2026-45664

CVE-2026-45664 is a vulnerability in ImageMagick, a free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, a missing check in the MNG coder could allow reading more images than the list limit policy would allow, resulting in excessive resource use. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.

MEDIUM ImageMagick CVE published 2026-06-10

CVE-2026-45624

CVE-2026-45624 is a medium-severity vulnerability in ImageMagick, a free and open-source software for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when performing a polynomial distortion, an out-of-bounds over-read of 24 bytes can occur when specifying specific arguments. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.

MEDIUM ImageMagick CVE published 2026-06-10

CVE-2026-45359

CVE-2026-45359 is a medium-severity vulnerability in ImageMagick, a free and open-source software for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in a heap buffer over-read when performing the connected components operation. This issue has been patched in versions 6.9.13-48 and 7.1.2-22.

MEDIUM ImageMagick CVE published 2026-06-10

CVE-2026-45358

CVE-2026-45358 is a medium-severity vulnerability in ImageMagick, a free and open-source software for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, an off-by-one error in the meta encoder could result in an out-of-bounds read of a single byte. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.

MEDIUM ImageMagick CVE published 2026-06-10

CVE-2026-45031

CVE-2026-45031 is a vulnerability in ImageMagick, a free and open-source software for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, a missing check in the PSD decoder allowed for a bypass of the list-length resource policy when decoding PSD images. Other security limits would still apply. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.

MEDIUM ImageMagick CVE published 2026-06-10

CVE-2026-42326

CVE-2026-42326 is a medium-severity vulnerability in ImageMagick, a free and open-source software for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when writing an IPTC output file, a malicious input file could cause an out-of-bounds read of a single byte. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.

Known exploited ImageMagick CVE published 2024-09-09

CVE-2016-3714

CVE-2016-3714 is an ImageMagick improper input validation vulnerability that CISA lists in its Known Exploited Vulnerabilities catalog. That means it should be treated as a real-world exploitation risk, not just a theoretical defect. CISA assigned a remediation due date of 2024-09-30 for the KEV entry. Defenders should inventory where ImageMagick is used, apply vendor guidance or updates, and remove or is [truncated]

Known exploited ImageMagick CVE published 2021-11-03

CVE-2016-3718

CVE-2016-3718 is an ImageMagick server-side request forgery (SSRF) vulnerability that CISA lists in its Known Exploited Vulnerabilities catalog. For defenders, the key signal is not just the vulnerability type but the KEV listing: CISA’s required action is to apply updates per vendor instructions. Any environment that processes untrusted images with ImageMagick should treat this as a high-priority remediation item.

Known exploited ImageMagick CVE published 2021-11-03

CVE-2016-3715

CVE-2016-3715 is a CISA Known Exploited Vulnerability affecting ImageMagick. The supplied corpus describes it as an arbitrary file deletion issue. Because CISA lists it in KEV, defenders should treat it as a high-priority remediation item and follow vendor update guidance.

MEDIUM ImageMagick CVE published 2017-03-06

CVE-2017-6502

CVE-2017-6502 is a denial-of-service issue in ImageMagick 6.9.7. The supplied NVD record says a specially crafted WebP file can trigger a file-descriptor leak in libmagickcore, which can exhaust resources and reduce availability. NVD classifies the weakness as CWE-119 and scores it 5.5 (Medium) with a vector that includes local access and user interaction. The CVE was published on 2017-03-06; the NVD reco [truncated]

MEDIUM ImageMagick CVE published 2017-03-06

CVE-2017-6501

CVE-2017-6501 is a denial-of-service flaw in ImageMagick 6.9.7. According to the CVE and NVD record, a specially crafted XCF file can trigger a NULL pointer dereference, with the main impact being application availability.

HIGH ImageMagick CVE published 2017-03-06

CVE-2017-6497

CVE-2017-6497 is a high-severity availability issue in ImageMagick 6.9.7. According to the CVE description and NVD data, a specially crafted PSD file can trigger a NULL pointer dereference, which can crash the application and result in denial of service. NVD classifies the issue as CVSS 3.0 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating a network-reachable, low-complexity DoS risk for deployments t [truncated]

MEDIUM ImageMagick CVE published 2017-03-03

CVE-2016-10066

CVE-2016-10066 is a denial-of-service flaw in ImageMagick’s VIFF image parser. A crafted file can trigger a buffer overflow in ReadVIFFImage, causing the application to crash. The issue affects ImageMagick versions before 6.9.4-5 and is most relevant anywhere untrusted image uploads or conversions are accepted.

HIGH ImageMagick CVE published 2017-03-03

CVE-2016-10065

CVE-2016-10065 affects ImageMagick's VIFF image parsing path, specifically ReadVIFFImage in coders/viff.c. A crafted file can trigger a denial of service, and the NVD record also notes other unspecified impact. The CVE was publicly disclosed on 2017-03-03 and is rated High by NVD.

MEDIUM ImageMagick CVE published 2017-03-03

CVE-2016-10061

CVE-2016-10061 is a denial-of-service flaw in ImageMagick’s TIFF/GROUP4 handling. A crafted image can trigger a crash in ReadGROUP4Image because the code did not check the return value of fputc, affecting older ImageMagick releases before the fixed versions listed by NVD.

MEDIUM ImageMagick CVE published 2017-03-02

CVE-2016-10071

CVE-2016-10071 is a denial-of-service issue in ImageMagick’s MAT file parser. The vulnerability is described as an out-of-bounds read in coders/mat.c that can crash the application when a crafted MAT file is processed. NVD maps the affected range to ImageMagick versions through 6.9.3-10, and the CVE description states the issue is fixed before 6.9.4-0. The NVD CVSS vector is AV:L/AC:L/PR:N/UI:R/A:H, so de [truncated]

MEDIUM ImageMagick CVE published 2017-03-02

CVE-2016-10069

CVE-2016-10069 is a denial-of-service issue in ImageMagick's MAT file handling code (coders/mat.c). According to the NVD record, malformed MAT content with an invalid number of frames can trigger an application crash in versions before 6.9.4-5. The public record indicates the issue was disclosed on 2017-03-02, with upstream and downstream advisory references pointing to a patch and vendor follow-up.

MEDIUM ImageMagick CVE published 2017-03-02

CVE-2016-10068

CVE-2016-10068 is a denial-of-service issue in ImageMagick's MSL interpreter affecting versions before 6.9.6-4. A crafted XML file can trigger a segmentation fault and application crash, primarily impacting availability. The NVD entry classifies the weakness as CWE-20 and assigns a Medium CVSS score of 5.5.

HIGH ImageMagick CVE published 2017-03-02

CVE-2016-10067

CVE-2016-10067 is a high-severity ImageMagick flaw that can let a remote attacker crash affected applications. The issue is described as a buffer overflow in magick/memory.c triggered by "too many exceptions," with affected versions prior to 6.9.4-5. The NVD record rates the impact as network-exploitable with no privileges or user interaction required, and availability impact only.

HIGH ImageMagick CVE published 2017-03-02

CVE-2016-10064

CVE-2016-10064 is a buffer overflow in ImageMagick’s TIFF handling code (coders/tiff.c). According to the CVE record, a crafted file can cause a denial of service through application crash, and the impact may extend beyond a simple crash. The issue was publicly disclosed on 2017-03-02, and the linked references show patch and advisory activity around the vulnerability.

HIGH ImageMagick CVE published 2017-03-02

CVE-2016-10063

CVE-2016-10063 describes a buffer overflow in ImageMagick’s TIFF coder (coders/tiff.c) affecting versions before 6.9.5-1. According to the NVD summary, a crafted file can trigger a denial of service (application crash) and may have other unspecified impact. NVD classifies the weakness as CWE-119 and rates the issue HIGH with a CVSS 3.1 score of 7.8.

MEDIUM ImageMagick CVE published 2017-03-02

CVE-2016-10062

CVE-2016-10062 is a denial-of-service issue in ImageMagick’s TIFF handling. According to the NVD record published on 2017-03-02, the ReadGROUP4Image function in coders/tiff.c does not check the return value of fwrite, and a crafted file can trigger an application crash. NVD rates CVE-2016-10062 as medium severity.

MEDIUM ImageMagick CVE published 2017-03-02

CVE-2016-10060

CVE-2016-10060 is a medium-severity ImageMagick denial-of-service vulnerability in MagickWand/magick-cli.c. When ConcatenateImages processes a crafted file, it fails to check the return value of fputc, which can lead to an application crash. NVD lists affected versions as ImageMagick 6.x before 6.9.4-1 and 7.0.0-0 through 7.0.1-9; the published description also summarizes the issue as affecting versions b [truncated]

MEDIUM ImageMagick CVE published 2017-03-01

CVE-2016-9559

CVE-2016-9559 is a denial-of-service vulnerability in ImageMagick's TIFF coder that can crash the application when it processes a crafted image. The flaw is a NULL pointer dereference in coders/tiff.c, and NVD rates the issue as network-reachable with user interaction required and high availability impact. The public record shows fixes and issue tracking activity in November 2016, while the CVE itself was [truncated]

MEDIUM ImageMagick CVE published 2017-02-27

CVE-2015-8903

CVE-2015-8903 is a denial-of-service issue in ImageMagick’s VICAR image parser. A crafted VICAR file can cause the ReadVICARImage function to enter an infinite loop, which can hang processing workflows and exhaust worker capacity. NVD assigns the issue a CVSS 3.1 score of 6.5 (medium) with availability impact only.