Imagemagick Vulnerabilities
Comprehensive security vulnerability database for Imagemagick products
7
0
8
15
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2026-30931 | 7.8 | This vulnerability allows an attacker to exploit a flaw in ImageMagick's UHDR encoder, potentially leading to unauthorized access or control over the system by writing data outside the intended memory space. It affects versions prior to 7.1.2-16, so users must upgrade to this version or later to protect against this risk. | imagemagickimagemagick | Exploit Available | 29 days agoMar 10, 2026 |
| CVE-2026-30929 | 7.8 | This vulnerability allows an attacker to crash the ImageMagick software or potentially execute malicious code by sending a specially crafted image that overflows a fixed-size memory area. It affects versions prior to 7.1.2-16 and 6.9.13-41, so users should update to these versions or later to protect against this risk. | imagemagickimagemagick | Exploit Available | 29 days agoMar 10, 2026 |
| CVE-2026-30883 | 7.8 | This vulnerability allows an attacker to crash the ImageMagick software or potentially execute harmful code by sending a specially crafted PNG image with an excessively large profile. It affects versions prior to 7.1.2-16 and 6.9.13-41, so using an updated version is crucial to avoid exploitation. | imagemagickimagemagick | Exploit Available | 29 days agoMar 10, 2026 |
| CVE-2026-28693 | 8.1 | This vulnerability allows an attacker to manipulate images in a way that can lead to reading or writing data outside of the intended memory space, potentially causing crashes or executing malicious code. It affects specific older versions of ImageMagick, so users need to upgrade to the latest versions to protect against this risk. | imagemagickimagemagick | Theoretical | 29 days agoMar 10, 2026 |
| CVE-2026-28691 | 7.5 | An attacker can exploit a flaw in ImageMagick's JBIG decoder to crash the software or potentially run harmful code on a system that processes specially crafted image files. This vulnerability affects versions prior to 7.1.2-16 and 6.9.13-41, so using an updated version is crucial for protection. | imagemagickimagemagick | Exploit Available | 29 days agoMar 10, 2026 |
| CVE-2026-28494 | 7.1 | This vulnerability allows an attacker to crash the ImageMagick software or potentially execute malicious code by sending specially crafted image processing requests that exceed the expected size limits. It affects versions prior to 7.1.2-16 and 6.9.13-41, so users running older versions are at risk if they process untrusted image data. | imagemagickimagemagick | Exploit Available | 29 days agoMar 10, 2026 |
| CVE-2023-34153 | 7.8 | This vulnerability allows an attacker to execute arbitrary shell commands on a system running ImageMagick by manipulating video encoding or decoding options. It requires the attacker to have the ability to provide specially crafted video files to the ImageMagick software. | imagemagickimagemagick | Exploit Available | almost 3 years agoMay 30, 2023 |
About Imagemagick Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Imagemagick products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.