SB2026051818 - Multiple vulnerabilities in ImageMagick
Published: May 18, 2026 Updated: July 15, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 40 vulnerabilities.
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to missing release of memory after effective lifetime in the JNG encoder when opening a blob during JNG file encoding. A remote attacker can trigger a blob open failure to cause a denial of service.
2) Link following (CVE-ID: N/A)
CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to improper link resolution before file access in the -script operation when processing script input. A local user can supply a crafted script to disclose sensitive information.
The issue bypasses configured security policy restrictions on disallowed paths.
3) Use-after-free (CVE-ID: CVE-2026-55510)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to use-after-free in the 8BIM profile handling code when identifying a crafted image. A remote attacker can trick the victim into processing a specially crafted image to cause a denial of service.
User interaction is required to process the crafted image.
4) Use-after-free (CVE-ID: N/A)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to use-after-free in the freetype initialization method when handling freetype initialization failures. A remote attacker can trigger a freetype initialization failure to cause a denial of service.
5) Use-after-free (CVE-ID: N/A)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to use-after-free in the FormatMagickCaption method when handling memory allocation failure. A remote attacker can trigger a memory allocation failure to cause a denial of service.
6) Information disclosure (CVE-ID: CVE-2026-53467)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to heap information disclosure in the MNG decoder when parsing crafted MNG images. A remote attacker can supply a crafted MNG image to disclose sensitive information.
7) Out-of-bounds read (CVE-ID: N/A)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to out-of-bounds read in the identify command profile display logic when displaying a profile with a non-printable value. A remote attacker can display a crafted profile to disclose sensitive information.
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to missing release of memory after effective lifetime in the TIFF encoder when a temporary file cannot be created. A remote attacker can trigger creation of a temporary file failure to cause a denial of service.
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to missing release of memory after effective lifetime in the color transformation to log colorspace operation when transforming an image to the log colorspace and the operation fails. A remote attacker can trigger a failed image transformation to cause a denial of service.
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to missing release of memory after effective lifetime in the hough lines operation when a specific operation fails. A remote attacker can trigger a failure condition to cause a denial of service.
11) Missing Authorization (CVE-ID: CVE-2026-55628)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to read and write files in paths disallowed by the security policy.
The vulnerability exists due to missing authorization in the -concatenate operation when processing file paths. A local user can invoke the concatenate operation with disallowed paths to read and write files in paths disallowed by the security policy.
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to missing release of memory after effective lifetime in TIFF encoder when an allocation fails during image encoding. A remote attacker can trigger an allocation failure to cause a denial of service.
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to missing release of memory after effective lifetime in the YUV decoder when opening a blob fails. A remote attacker can trigger processing of a malformed input to cause a denial of service.
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to missing release of memory after effective lifetime in the MIFF encoder when an allocation fails during encoding. A remote attacker can trigger an allocation failure to cause a denial of service.
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to missing release of memory after effective lifetime in the VIFF encoder when handling allocation failures. A remote attacker can trigger an allocation failure to cause a denial of service.
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to missing release of memory after effective lifetime in the ICON decoder when handling an allocation failure. A remote attacker can trigger allocation failure during processing to cause a denial of service.
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to missing release of memory after effective lifetime in the TIFF encoder when processing an invalid tiff:tile-geometry value. A remote attacker can trick the victim into processing a crafted file to cause a denial of service.
User interaction is required to process the crafted input.
18) Integer overflow (CVE-ID: CVE-2026-53466)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service and disclose sensitive information.
The vulnerability exists due to integer overflow in the XCF decoder when parsing a crafted image. A remote attacker can supply a specially crafted image to cause a denial of service and disclose sensitive information.
19) Heap-based buffer overflow (CVE-ID: N/A)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged user to cause a denial of service.
The vulnerability exists due to heap-based buffer overflow in the X11 import functionality when processing a crafted window title. A local privileged user can run an X11 import with a crafted window title to cause a denial of service.
User interaction is required to run the import operation.
20) Integer overflow (CVE-ID: CVE-2026-62343)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to integer overflow or wraparound in the morphology operation when processing a user-supplied invalid kernel. A remote attacker can trick the victim into opening a crafted file or processing crafted input to cause a denial of service.
User interaction is required to process the crafted input.
21) Path traversal (CVE-ID: CVE-2026-49219)
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to path traversal in filename parsing when processing a filename that uses a symlink. A local user can supply a crafted filename to disclose sensitive information.
The issue can bypass configured security policy restrictions on file access.
22) Stack-based buffer overflow (CVE-ID: CVE-2026-46557)
CWE-ID: CWE-121 - Stack-based buffer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in fx operation. A local attacker can trigger stack-based buffer overflow and cause a denial of service condition on the target system.
23) Out-of-bounds write (CVE-ID: CVE-2026-46559)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the JP2 encoder. A local attacker can trigger an out-of-bounds write and perform a denial of service (DoS) attack on the target system.
24) Use-after-free (CVE-ID: CVE-2026-46523)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in MSL decoder. A local attacker can perform a denial of service (DoS) attack.
25) Infinite loop (CVE-ID: CVE-2026-46522)
CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in the MIFF decoder. A remote attacker can consume all available system resources and cause denial of service conditions.
26) Out-of-bounds write (CVE-ID: CVE-2026-46520)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error in IPL decoder when reading multiple images of different dimensions. A remote attacker can trigger an out-of-bounds write and perform a denial of service (DoS) attack on the system.
27) Race condition (CVE-ID: CVE-2026-46693)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged user to disclose sensitive information.
The vulnerability exists due to a race condition in the distributed pixel cache server when handling connections to the magick -distribute-cache service. A local privileged user can win the race condition to hijack a file descriptor in the server process to disclose sensitive information.
28) Heap-based buffer overflow (CVE-ID: CVE-2026-46692)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged user to cause a denial of service.
The vulnerability exists due to heap-based buffer overflow in the distributed pixel cache server when handling connections to the magick -distribute-cache service. A local privileged user can connect to the service to cause a denial of service.
29) Missing Authentication for Critical Function (CVE-ID: CVE-2026-47165)
CWE-ID: CWE-306 - Missing Authentication for Critical Function
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged user to disclose sensitive information.
The vulnerability exists due to improper authentication in distributed pixel cache server when handling distributed pixel cache connections. A local privileged user can access the service without a challenge-response authentication model to disclose sensitive information.
30) Out-of-bounds read (CVE-ID: CVE-2026-47166)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged user to disclose sensitive information and cause a denial of service.
The vulnerability exists due to out-of-bounds read in the distributed pixel cache server when handling connections to the magick -distribute-cache service. A local privileged user can connect to the service to disclose sensitive information and cause a denial of service.
31) Out-of-bounds write (CVE-ID: CVE-2026-46521)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error in MIFF encoder when using LZMA compression. A remote attacker can trigger an out-of-bounds write and perform a denial of service (DoS) attack on the system.
32) Input validation error (CVE-ID: CVE-2026-49218)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper input validation in the DCM decoder when parsing crafted DCM images. A remote attacker can supply a specially crafted DCM image to cause a denial of service.
The issue can produce an image with invalid dimensions, which may lead to crashes in subsequent operations.
33) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: N/A)
CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to create or truncate files that are disallowed by the security policy.
The vulnerability exists due to time-of-check time-of-use race condition in the policy check logic when handling file creation or truncation operations. A local user can trigger an incorrect check to create or truncate files that are disallowed by the security policy.
This is relevant for sandboxed conversion services that rely on ImageMagick path policies for write-boundary enforcement.
34) Uncontrolled Recursion (CVE-ID: CVE-2026-55594)
CWE-ID: CWE-674 - Uncontrolled Recursion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to uncontrolled recursion in the MVG decoder when parsing a crafted image. A remote attacker can supply a crafted image to cause a denial of service.
35) Allocation of Resources Without Limits or Throttling (CVE-ID: N/A)
CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to allocation of resources without limits or throttling in matrix-backed operations when processing crafted image content. A remote attacker can trigger matrix-based operations such as -canny to cause a denial of service.
User interaction is required to process the crafted image content.
36) Out-of-bounds write (CVE-ID: CVE-2026-55577)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to out-of-bounds write in the MVG decoder when processing a crafted image. A remote attacker can supply a specially crafted image to cause a denial of service.
37) Infinite loop (CVE-ID: CVE-2026-55595)
CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to loop with unreachable exit condition in the connected-components option when processing invalid arguments. A remote attacker can provide invalid arguments to cause a denial of service.
User interaction is required to supply the invalid arguments.
38) Out-of-bounds write (CVE-ID: CVE-2026-55597)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to out-of-bounds write in the JP2 encoder when parsing a crafted JP2 file. A remote attacker can trick the victim into opening a crafted file to cause a denial of service.
User interaction is required to open a crafted file.
39) Use-after-free (CVE-ID: N/A)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to use-after-free in the XMP profile parser when parsing an XMP profile. A remote attacker can supply a crafted XMP profile to cause a denial of service.
40) Missing Authorization (CVE-ID: N/A)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to bypass policy restrictions and write to a disallowed path.
The vulnerability exists due to missing authorization in the APNG encoder and external delegates when writing files. A local user can trigger crafted processing to bypass policy restrictions and write to a disallowed path.
Remediation
Install update from vendor's website.
References
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-99w9-hv66-rfv7
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vghg-5jrg-2398
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-ff5c-8x9r-8qcw
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6jwg-7q3p-5fqm
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvxh-prvr-85w2
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8g53-9m3c-69xg
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hwf3-r46v-5ggx
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6vxp-gfwf-hcr9
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7c7m-fpjw-gwcq
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j8rh-v2r8-v94x
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-82mp-vp5c-9pf7
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jfq9-q63x-rc63
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h7f2-f9cc-h2gv
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r628-69v2-2f9c
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-m596-67p7-69wh
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h58x-r7f7-rh84
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h5r4-w88w-7ccr
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pjxj-pchx-4c3m
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-76q6-2p6h-xjqr
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-f5m7-cqgw-8hm7
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xcjm-wqff-m669
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rcr6-g7jc-f57g
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-533m-3wf6-c33v
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5r4x-w6p5-222q
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7gg8-qqx7-92g5
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-36wm-hprc-mcf5
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-4g75-9r48-jf92
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p93h-f2jc-477j
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2rgj-gx5x-f62w
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6gxq-f64p-5w6f
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jcqp-6r6f-3mfx
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8pj9-6897-74xc
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gm48-c7f2-v67p
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mx48-2qq3-23hf
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rvhp-75f6-9jqh
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wx47-rm3x-jx6p
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qhmf-7fc4-8q3h
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-c4v7-w88g-m6c4
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh5g-q395-cx4j
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v3j6-27vc-7pw2