Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: imagemagick6Big

Found 54 matching suggestions

View:
Compact
Detailed
Published
Permalink CVE-2026-25898
6.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 3 months, 2 weeks ago by @LeSuisse Activity log
  • Created suggestion 3 months, 2 weeks ago
  • @LeSuisse deleted
    3 maintainers
    • @faukah
    • @dotlambda
    • @rhendric
    3 months, 2 weeks ago maintainer.delete
  • @LeSuisse ignored
    3 packages
    • tests.pkg-config.defaultPkgConfigPackages.ImageMagick
    • tests.pkg-config.defaultPkgConfigPackages.MagickWand
    • graphicsmagick-imagemagick-compat
    3 months, 2 weeks ago
  • @LeSuisse accepted 3 months, 2 weeks ago
  • @LeSuisse published on GitHub 3 months, 2 weeks ago
Imagemagick Has Global Buffer Overflow (OOB Read) via Negative Pixel Index in UIL and XPM Writer

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by `GetPixelIndex()` before using it as an array subscript. In HDRI builds, `Quantum` is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger a global buffer overflow read during conversion, leading to information disclosure or a process crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

Affected products

ImageMagick
  • ==< 6.9.13-40
  • ==>= 7.0.0, < 7.1.2-15

Matching in nixpkgs

Ignored packages (3)

Package maintainers

Ignored maintainers (3)
Dismissed
Permalink CVE-2021-3610
updated 3 months, 2 weeks ago by @LeSuisse Activity log
  • Created suggestion 4 months, 2 weeks ago
  • @LeSuisse ignored
    3 packages
    • tests.pkg-config.defaultPkgConfigPackages.ImageMagick
    • tests.pkg-config.defaultPkgConfigPackages.MagickWand
    • graphicsmagick-imagemagick-compat
    3 months, 2 weeks ago
  • @LeSuisse dismissed 3 months, 2 weeks ago
A heap-based buffer overflow vulnerability was found in ImageMagick in …

A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault.

Affected products

ImageMagick
  • ==ImageMagick 7.0.11-14

Matching in nixpkgs

pkgs.imagemagick

Software suite to create, edit, compose, or convert bitmap images

Ignored packages (3)

Package maintainers

Current stable branch was never impacted
Published
Permalink CVE-2026-25982
6.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 3 months, 2 weeks ago by @LeSuisse Activity log
  • Created suggestion 3 months, 2 weeks ago
  • @LeSuisse ignored
    3 packages
    • graphicsmagick-imagemagick-compat
    • tests.pkg-config.defaultPkgConfigPackages.MagickWand
    • tests.pkg-config.defaultPkgConfigPackages.ImageMagick
    3 months, 2 weeks ago
  • @LeSuisse accepted 3 months, 2 weeks ago
  • @LeSuisse published on GitHub 3 months, 2 weeks ago
ImageMagick Has Heap Out-of-Bounds Read in DCM Decoder (ReadDCMImage)

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap out-of-bounds read vulnerability exists in the `coders/dcm.c` module. When processing DICOM files with a specific configuration, the decoder loop incorrectly reads bytes per iteration. This causes the function to read past the end of the allocated buffer, potentially leading to a Denial of Service (crash) or Information Disclosure (leaking heap memory into the image). Versions 7.1.2-15 and 6.9.13-40 contain a patch.

Affected products

ImageMagick
  • ==>= 7.0.0, < 7.1.2-15
  • ==< 6.9.13-40

Matching in nixpkgs

Ignored packages (3)

Package maintainers

Upstream advisory: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pmq6-8289-hx3v
Published
Permalink CVE-2026-23876
8.1 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 4 months, 2 weeks ago by @LeSuisse Activity log
  • Created suggestion 4 months, 3 weeks ago
  • @LeSuisse ignored
    3 packages
    • graphicsmagick-imagemagick-compat
    • tests.pkg-config.defaultPkgConfigPackages.MagickWand
    • tests.pkg-config.defaultPkgConfigPackages.ImageMagick
    4 months, 2 weeks ago
  • @LeSuisse accepted 4 months, 2 weeks ago
  • @LeSuisse published on GitHub 4 months, 2 weeks ago
Heap buffer overflow with attacker-controlled data in XBM parser

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder (ReadXBMImage) allows an attacker to write controlled data past the allocated heap buffer when processing a maliciously crafted image file. Any operation that reads or identifies an image can trigger the overflow, making it exploitable via common image upload and processing pipelines. Versions 7.1.2-13 and 6.9.13-38 fix the issue.

Affected products

ImageMagick
  • ==< 6.9.13-38
  • ==< 7.1.2-13

Matching in nixpkgs

pkgs.imagemagick

Software suite to create, edit, compose, or convert bitmap images

Ignored packages (3)

Package maintainers

Upstream advisory: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r49w-jqq3-3gx8
Upstream fix: https://github.com/ImageMagick/ImageMagick/commit/2fae24192b78fdfdd27d766fd21d90aeac6ea8b8