Dlemstra Magick.Net vulnerabilities

CVE-2026-27798 [HIGH] CWE-125 CVE-2026-27798: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing an image with small dimension using the `-wavelet-denoise` operator. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

CVE-2026-27799 [MEDIUM] CWE-122 CVE-2026-27799: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride (row size) for pixel buffer allocation. The stride calcu

CVE-2026-24485 [HIGH] CWE-400 CVE-2026-24485: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the Sync marker, causing the program to become unresponsive and continuously co

CVE-2026-25576 [MEDIUM] CWE-122 CVE-2026-25576: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in multiple raw image format handles. The vulnerability occurs when processing images with -extract dimensions larger than -size dimensions, causing out-of-bounds memory

CVE-2026-25637 [MEDIUM] CWE-401 CVE-2026-25637: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak in the ASHLAR image writer allows an attacker to exhaust process memory by providing a crafted image that results in small objects that are allocated but never freed. Version 7.1.2-15 contains a patch.

CVE-2026-24484 [MEDIUM] CWE-400 CVE-2026-24484: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

CVE-2026-23952 [HIGH] CWE-476 CVE-2026-23952: ImageMagick is free and open-source software used for editing and manipulating digital images. Versi ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing tags before images are loaded. This can lead to DoS attack due to assertion failure (debug builds) or NULL pointer derefere