
USN-8127-1: ImageMagick vulnerabilities

Canonical (Ubuntu). Released: March 30, 2026. Updated: April 01, 2026. Restart Required.

Description

It was discovered that ImageMagick did not properly process certain tags prior to an image being loaded. An attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of service. (CVE-2026-23952)

It was discovered that ImageMagick did not properly handle temporary file creation failures. An attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of service. (CVE-2026-25795)

It was discovered that ImageMagick did not properly manage memory under certain conditions. An attacker could possibly use this issue to cause ImageMagick to consume resources, resulting in a denial of service. (CVE-2026-25796)

It was discovered that ImageMagick incorrectly handled certain specially crafted image files. An attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of service. (CVE-2026-25798)

It was discovered that ImageMagick did not properly validate certain YUV sampling factors. An attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of service. (CVE-2026-25799)

It was discovered that ImageMagick incorrectly handled certain specially crafted image files. An attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2026-25970)

It was discovered that ImageMagick incorrectly managed memory when handling certain specially crafted image files. An attacker could possibly use this issue to cause ImageMagick to consume resources, resulting in a denial of service. (CVE-2026-25988)

It was discovered that ImageMagick incorrectly handled certain crafted image profiles. An attacker could possibly use this issue to cause ImageMagick to consume available resources, resulting in a denial of service. (CVE-2026-26066)

It was discovered that ImageMagick incorrectly handled large image profiles when encoding PNG images. An attacker could use this issue to cause ImageMagick to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-30883)

Kamil Frankowicz discovered that ImageMagick incorrectly handled certain XML data. An attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of service. (CVE-2026-32636)

Fixed Vulnerabilities 10

CVE-2026-25970 N/A 0.0 ⚠️ KEV fixed
Feb 24, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a signed integer overflow vulnerability in…

CVE-2026-25798 N/A 0.0 ⚠️ KEV fixed
Feb 24, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository…

CVE-2026-25796 N/A 0.0 ⚠️ KEV fixed
Feb 24, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` Image…

CVE-2026-32636 N/A 0.0 ⚠️ KEV fixed
Mar 18, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-17 and 6.9.13-42, the NewXMLTree method contains a bug that…

CVE-2026-26066 N/A 0.0 ⚠️ KEV fixed
Feb 24, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile containing invalid IPTC…

CVE-2026-25988 N/A 0.0 ⚠️ KEV fixed
Feb 24, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, sometimes msl.c fails to update the…

CVE-2026-25799 N/A 0.0 ⚠️ KEV fixed
Feb 24, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV sampling…

CVE-2026-25795 N/A 0.0 ⚠️ KEV fixed
Feb 24, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()` (`coders/sfw.c`), when temporary file…

CVE-2026-23952 N/A 0.0 ⚠️ KEV fixed
Jan 22, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the…

CVE-2026-30883 N/A 0.0 ⚠️ KEV fixed
Mar 10, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an extremely large image profile could…

Quick Info

Patch ID: USN-8127-1
Vendor: Canonical (Ubuntu)
Severity: Unknown
CVEs Fixed: 10
Restart: Required

Additional Info

usn id: USN-8127-1
summary: Several security issues were fixed in ImageMagick.
usn number: 8127-1
instructions: In general, a standard system update will make all the necessary changes.
