Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: imagemagick

Found 69 matching suggestions

View:
Compact
Detailed
Published
Permalink CVE-2026-30883
5.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
updated 1 month ago by @mweinelt Activity log
  • Created automatic suggestion 1 month ago
  • @mweinelt ignored
    6 packages
    • imagemagick6
    • imagemagick6Big
    • imagemagick6_light
    • graphicsmagick-imagemagick-compat
    • tests.pkg-config.defaultPkgConfigPackages.MagickWand
    • tests.pkg-config.defaultPkgConfigPackages.ImageMagick
    1 month ago
  • @mweinelt accepted 1 month ago
  • @mweinelt published on GitHub 1 month ago
ImageMagick has a Heap Overflow when writing extremely large image profile in the PNG encoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an extremely large image profile could result in a heap overflow when encoding a PNG image. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Affected products

ImageMagick
  • ==< 6.9.13-41
  • ==>= 7.0.0, < 7.1.2-16

Matching in nixpkgs

Ignored packages (6)

Package maintainers

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qmw5-2p58-xvrc
Published
Permalink CVE-2026-28493
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
updated 1 month ago by @mweinelt Activity log
  • Created automatic suggestion 1 month ago
  • @mweinelt ignored
    6 packages
    • imagemagick6
    • imagemagick6Big
    • imagemagick6_light
    • graphicsmagick-imagemagick-compat
    • tests.pkg-config.defaultPkgConfigPackages.MagickWand
    • tests.pkg-config.defaultPkgConfigPackages.ImageMagick
    1 month ago
  • @mweinelt accepted 1 month ago
  • @mweinelt published on GitHub 1 month ago
ImageMagick has a Integer Overflow leading to out of bounds write in SIXEL decoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, an integer overflow vulnerability exists in the SIXEL decoer. The vulnerability allows an attacker to perform an out of bounds via a specially crafted image. This vulnerability is fixed in 7.1.2-16.

Affected products

ImageMagick
  • ==< 7.1.2-16

Matching in nixpkgs

Ignored packages (6)

Package maintainers

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r39q-jr8h-gcq2
Published
Permalink CVE-2026-28689
6.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
updated 1 month ago by @mweinelt Activity log
  • Created automatic suggestion 1 month ago
  • @mweinelt ignored
    6 packages
    • imagemagick6
    • imagemagick6Big
    • imagemagick6_light
    • graphicsmagick-imagemagick-compat
    • tests.pkg-config.defaultPkgConfigPackages.MagickWand
    • tests.pkg-config.defaultPkgConfigPackages.ImageMagick
    1 month ago
  • @mweinelt accepted 1 month ago
  • @mweinelt published on GitHub 1 month ago
ImageMagick has a Path Policy TOCTOU symlink race bypass

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, domain="path" authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Affected products

ImageMagick
  • ==< 6.9.13-41
  • ==>= 7.0.0, < 7.1.2-16

Matching in nixpkgs

Ignored packages (6)

Package maintainers

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-493f-jh8w-qhx3
Published
Permalink CVE-2026-28693
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 1 month ago by @mweinelt Activity log
  • Created automatic suggestion 1 month ago
  • @mweinelt ignored
    6 packages
    • imagemagick6
    • imagemagick6Big
    • imagemagick6_light
    • graphicsmagick-imagemagick-compat
    • tests.pkg-config.defaultPkgConfigPackages.MagickWand
    • tests.pkg-config.defaultPkgConfigPackages.ImageMagick
    1 month ago
  • @mweinelt accepted 1 month ago
  • @mweinelt published on GitHub 1 month ago
ImageMagick has an integer overflow in DIB coder can result in out of bounds read or write

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an integer overflow in DIB coder can result in out of bounds read or write. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Affected products

ImageMagick
  • ==< 6.9.13-41
  • ==>= 7.0.0, < 7.1.2-16

Matching in nixpkgs

Ignored packages (6)

Package maintainers

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hffp-q43q-qq76
Published
Permalink CVE-2026-28687
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
updated 1 month ago by @mweinelt Activity log
  • Created automatic suggestion 1 month ago
  • @mweinelt ignored
    6 packages
    • imagemagick6
    • imagemagick6Big
    • imagemagick6_light
    • graphicsmagick-imagemagick-compat
    • tests.pkg-config.defaultPkgConfigPackages.MagickWand
    • tests.pkg-config.defaultPkgConfigPackages.ImageMagick
    1 month ago
  • @mweinelt accepted 1 month ago
  • @mweinelt published on GitHub 1 month ago
ImageMagick has a Heap Use-After-Free in ImageMagick MSL decoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap use-after-free vulnerability in ImageMagick's MSL decoder allows an attacker to trigger access to freed memory by crafting an MSL file. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Affected products

ImageMagick
  • ==< 6.9.13-41
  • ==>= 7.0.0, < 7.1.2-16

Matching in nixpkgs

Ignored packages (6)

Package maintainers

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fpvf-frm6-625q
Published
Permalink CVE-2026-28686
6.8 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
updated 1 month ago by @mweinelt Activity log
  • Created automatic suggestion 1 month ago
  • @mweinelt ignored
    6 packages
    • imagemagick6
    • imagemagick6Big
    • imagemagick6_light
    • graphicsmagick-imagemagick-compat
    • tests.pkg-config.defaultPkgConfigPackages.ImageMagick
    • tests.pkg-config.defaultPkgConfigPackages.MagickWand
    1 month ago
  • @mweinelt accepted 1 month ago
  • @mweinelt published on GitHub 1 month ago
ImageMagick has a write heap-buffer-overflow in PCL encoder via undersized output buffer

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, A heap-buffer-overflow vulnerability exists in the PCL encode due to an undersized output buffer allocation. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Affected products

ImageMagick
  • ==< 6.9.13-41
  • ==>= 7.0.0, < 7.1.2-16

Matching in nixpkgs

Ignored packages (6)

Package maintainers

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-467j-76j7-5885
Published
Permalink CVE-2026-28691
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
updated 1 month ago by @mweinelt Activity log
  • Created automatic suggestion 1 month ago
  • @mweinelt ignored
    6 packages
    • imagemagick6
    • imagemagick6Big
    • imagemagick6_light
    • graphicsmagick-imagemagick-compat
    • tests.pkg-config.defaultPkgConfigPackages.MagickWand
    • tests.pkg-config.defaultPkgConfigPackages.ImageMagick
    1 month ago
  • @mweinelt accepted 1 month ago
  • @mweinelt published on GitHub 1 month ago
ImageMagick has an uninitialized pointer dereference in JBIG decoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an uninitialized pointer dereference vulnerability exists in the JBIG decoder due to a missing check. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Affected products

ImageMagick
  • ==< 6.9.13-41
  • ==>= 7.0.0, < 7.1.2-16

Matching in nixpkgs

Ignored packages (6)

Package maintainers

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wj8w-pjxf-9g4f
Published
Permalink CVE-2026-30935
4.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
updated 1 month ago by @mweinelt Activity log
  • Created automatic suggestion 1 month ago
  • @mweinelt ignored
    6 packages
    • imagemagick6Big
    • imagemagick6
    • imagemagick6_light
    • tests.pkg-config.defaultPkgConfigPackages.ImageMagick
    • tests.pkg-config.defaultPkgConfigPackages.MagickWand
    • graphicsmagick-imagemagick-compat
    1 month ago
  • @mweinelt accepted 1 month ago
  • @mweinelt published on GitHub 1 month ago
ImageMagick has a heap Buffer Over-Read in BilateralBlurImage

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the -bilateral-blur operation an out of bounds read can occur. This vulnerability is fixed in 7.1.2-16.

Affected products

ImageMagick
  • ==< 7.1.2-16

Matching in nixpkgs

Ignored packages (6)

Package maintainers

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cqw9-w2m7-r2m2
Published
Permalink CVE-2026-28692
4.8 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
updated 1 month ago by @mweinelt Activity log
  • Created automatic suggestion 1 month ago
  • @mweinelt ignored
    6 packages
    • tests.pkg-config.defaultPkgConfigPackages.ImageMagick
    • tests.pkg-config.defaultPkgConfigPackages.MagickWand
    • imagemagick6_light
    • graphicsmagick-imagemagick-compat
    • imagemagick6Big
    • imagemagick6
    1 month ago
  • @mweinelt accepted 1 month ago
  • @mweinelt published on GitHub 1 month ago
ImageMagick has a heap buffer over-read via 32-bit integer overflow in MAT decoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MAT decoder uses 32-bit arithmetic due to incorrect parenthesization resulting in a heap over-read. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Affected products

ImageMagick
  • ==< 6.9.13-41
  • ==>= 7.0.0, < 7.1.2-16

Matching in nixpkgs

Ignored packages (6)

Package maintainers

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mrmj-x24c-wwcv
Published
Permalink CVE-2026-30929
7.7 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 1 month ago by @mweinelt Activity log
  • Created automatic suggestion 1 month ago
  • @mweinelt ignored
    6 packages
    • imagemagick6
    • imagemagick6Big
    • imagemagick6_light
    • graphicsmagick-imagemagick-compat
    • tests.pkg-config.defaultPkgConfigPackages.MagickWand
    • tests.pkg-config.defaultPkgConfigPackages.ImageMagick
    1 month ago
  • @mweinelt accepted 1 month ago
  • @mweinelt published on GitHub 1 month ago
ImageMagick has a stack buffer overflow in MagnifyImage

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Affected products

ImageMagick
  • ==< 6.9.13-41
  • ==>= 7.0.0, < 7.1.2-16

Matching in nixpkgs

Ignored packages (6)

Package maintainers

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rqq8-jh93-f4vg