Multiple Vulnerabilities Disclosed in ImageMagick
dCERT issued two advisories on multiple vulnerabilities in ImageMagick, the widely used image processing suite, indicating ongoing security issues affecting the software. The advisories, 2026-0474 and 2026-0633, both identify ImageMagick as the impacted product but do not provide public synopses, suggesting organizations should review the vendor and downstream security guidance directly for affected versions and technical details.
Because ImageMagick is commonly embedded in web applications, content management systems, and backend media-processing pipelines, unpatched flaws can create risk across a broad range of environments. Security teams should inventory systems and applications that rely on ImageMagick, monitor for updated package releases and distribution-specific patches, and prioritize remediation to reduce exposure from potential image parsing and processing attacks.
How this story unfolded
11 events from the most recent confirmed update back to the earliest known activity.
dCERT publishes ImageMagick DoS vulnerabilities advisory 2026-1249
dCERT published advisory 2026-1249 for ImageMagick vulnerabilities that can allow denial of service. The reference provides no additional technical details or remediation information.
dCERT publishes ImageMagick DoS vulnerabilities advisory 2026-1103
dCERT published advisory 2026-1103 for multiple ImageMagick vulnerabilities that can allow denial of service. The reference provides no additional technical details or remediation information.
dCERT publishes ImageMagick multiple vulnerabilities advisory 2026-1056
dCERT issued advisory 2026-1056 for multiple vulnerabilities affecting ImageMagick. The reference provides no further technical details or remediation information.
Technical details published for ImageMagick META reader memory leaks
A new disclosure described two memory leak flaws in ImageMagick's ReadMETAImage function, including an unfreed StringInfo profile object and a leaked buff->blob allocation on jpeg_embed error handling. The issues can strand heap memory during META parsing, adding specific technical detail beyond earlier generic advisories.
dCERT publishes ImageMagick DoS vulnerabilities advisory 2026-0824
dCERT published advisory 2026-0824 for multiple ImageMagick vulnerabilities that can allow denial of service. This represents a further advisory/update in the ongoing ImageMagick vulnerability disclosures.
dCERT publishes follow-up ImageMagick multiple vulnerabilities advisory 2026-0633
dCERT later published advisory 2026-0633 covering multiple vulnerabilities in ImageMagick, indicating an additional or updated disclosure related to the software. The reference does not include specifics on the flaws or impact.
dCERT publishes ImageMagick multiple vulnerabilities advisory 2026-0490
dCERT issued advisory 2026-0490 for multiple vulnerabilities affecting ImageMagick. The reference provides no further technical details or remediation information.
dCERT publishes ImageMagick multiple vulnerabilities advisory 2026-0474
dCERT issued advisory 2026-0474 for multiple vulnerabilities affecting ImageMagick. The reference provides no further technical details or remediation information.
dCERT publishes ImageMagick multiple vulnerabilities advisory 2026-0147
dCERT issued advisory 2026-0147 for multiple vulnerabilities affecting ImageMagick. The reference provides no further technical details or remediation information.
dCERT publishes ImageMagick multiple vulnerabilities advisory 2025-1764
dCERT issued advisory 2025-1764 for multiple vulnerabilities affecting ImageMagick. The reference provides no further technical details or remediation information.
dCERT publishes ImageMagick multiple vulnerabilities advisory 2025-1671
dCERT issued advisory 2025-1671 for multiple vulnerabilities affecting ImageMagick. The reference provides no further technical details or remediation information.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
11 references tracked. Mallory keeps watching after this page renders.
dCERT - Advisory 2026-1249 - ImageMagick: Vulnerability allows Denial of Service
dcert.de
Open sourcedCERT - Advisory 2026-1103 - ImageMagick: Multiple Vulnerabilities allow Denial of Service
dcert.de
Open sourcedCERT - Advisory 2026-1056 - ImageMagick: Multiple Vulnerabilities
dcert.de
Open sourceGHSA-9R56-3GJQ-HQF7: GHSA-9R56-3GJQ-HQF7: Memory Leak in ImageMagick META Reader Error Path | CVEReports
cvereports.com
Open sourcedCERT - Advisory 2026-0474 - ImageMagick: Multiple Vulnerabilities
dcert.de
Open sourcedCERT - Advisory 2026-0147 - ImageMagick: Multiple Vulnerabilities
dcert.de
Open sourcedCERT - Advisory 2025-1764 - ImageMagick: Multiple Vulnerabilities
dcert.de
Open sourcedCERT - Advisory 2025-1671 - ImageMagick: Multiple Vulnerabilities
dcert.de
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Debian Issued Multiple ImageMagick Security Updates
Debian published two separate security advisories for **ImageMagick**, identified as `DSA-6210-1` and `DSA-6240-1`, indicating repeated security fixes for the widely used image processing suite across supported Debian releases. The advisories were released through Debian's security announcement channel and point to vulnerabilities significant enough to require formal package updates. ImageMagick is commonly embedded in web applications, content management systems, and backend media-processing workflows, making security flaws in the package relevant to servers that automatically handle untrusted image files. Organizations running Debian systems should review both advisories, identify affected releases and package versions, and ensure the latest ImageMagick updates have been applied across exposed or internet-facing workloads.
May 3, 2026
Multiple High-Severity ImageMagick Vulnerabilities Including Heap Overflow and Policy Bypass
Multiple **ImageMagick** vulnerabilities were disclosed affecting common image-processing deployments (web apps, CMS integrations, and automated pipelines). **CVE-2026-25794** is a heap-based buffer overflow triggered when writing UHDR images: `WriteUHDRImage` (`coders/uhdr.c`) uses 32-bit `int` arithmetic to compute pixel buffer size, allowing a signed integer overflow on large dimensions that leads to an undersized heap allocation and out-of-bounds write; ImageMagick **7.1.2-15** includes a patch. Separately, Belgium’s CCB warned that **CVE-2026-23876** is a high-severity heap buffer overflow in the XBM decoder (`ReadXBMImage`) that can be triggered by a crafted image and may enable memory corruption and potential code execution; the advisory notes a **public PoC** and urges immediate patching. A second ImageMagick issue, **CVE-2026-25965**, allows a **policy bypass via path traversal** because the path security policy is applied to the raw filename string before filesystem normalization; attackers can use traversal to read sensitive files (local file disclosure) even when `policy-secure.xml` is in place. Fixes were reported in **ImageMagick 7.1.2-15** and **6.9.13-40**, and guidance indicates policy hardening may be required to ensure write operations are also blocked. A separate disclosure for **Traccar** stored XSS via malicious SVG upload is unrelated to the ImageMagick issues and should be tracked independently.
Mar 21, 2026
Code Execution Flaw in GIMP and Security Issue in ImageMagick Prompt Image Tool Review
German government advisories warned of security flaws in two widely used image-processing applications, with **GIMP** affected by a vulnerability that could allow **code execution** and **ImageMagick** affected by a separate flaw that could enable an **unspecified attack**. The notices identify both products as requiring security review because they are commonly used to open, convert, and manipulate untrusted image files in desktop and server-side workflows. The GIMP issue presents the more severe risk because successful exploitation could let an attacker run code on a target system, while the ImageMagick issue may expose systems that rely on automated image handling to further compromise depending on deployment context. Organizations using either tool in user workstations, content pipelines, or backend processing environments should verify affected versions, apply vendor fixes or distribution updates, and restrict processing of untrusted files until remediation is complete.
Apr 16, 2026