Related changes in ImageMagick since the last release of Magick.NET:
- Fixed OpenCL initialization (#1954)
- Heap buffer over-read in WaveletDenoise with small images (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qpgx-jfcq-r59f)
- Possible infinite loop in JPEG encoder when using
jpeg:extent(GHSA-gwr3-x37h-h84v) - Infinite loop when writing IPTCTEXT leads to denial of service via crafted profile (GHSA-v994-63cg-9wj3)
- Invalid MSL can result in a use after free (GHSA-w8mw-frc6-r7m8)
- Out of bounds read in djvu decoder (https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r99p-5442-q2x2)
- Memory allocation with excessive without limits in the internal SVG decoder (GHSA-v7g2-m8c5-mf84)
- Integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG decoder (GHSA-7355-pwx2-pm84)
- Heap overflow in sun decoder on 32-bit systems can result in out of bounds write (GHSA-6j5f-24fw-pqp4)
- Code injection in various encoders (GHSA-rw6c-xp26-225v)
- Global Buffer Overflow (OOB Read) via Negative Pixel Index in UIL and XPM Writer (GHSA-vpxv-r9pg-7gpr)
- Heap-buffer-overflow via signed integer overflow in
WriteUHDRImagewhen writing UHDR images with large dimensions (GHSA-vhqj-f5cj-9x8h) - Memory leak of watermark Image object in ReadSTEGANOImage on multiple error/early-return paths (GHSA-g2pr-qxjg-7r2w)
- NULL pointer dereference in ReadSFWImage after DestroyImageInfo (sfw.c) (GHSA-p33r-fqw2-rqmm)
- Possible memory leak in ASHLAR encoder (GHSA-gm37-qx7w-p258)
- Policy bypass through path traversal allows reading restricted content despite secured policy (GHSA-8jvj-p28h-9gm7)
- Security Policy Bypass through config/policy-secure.xml via "fd handler" leads to stdin/stdout access (GHSA-xwc6-v6g8-pw2h)
- Heap buffer overflow in YUV 4:2:2 decoder (GHSA-mqfc-82jx-3mr2)
- Heap buffer over-read in MAP image decoder (GHSA-42p5-62qq-mmh7)
- NULL Pointer Dereference in ClonePixelCacheRepository via crafted image (GHSA-p863-5fgm-rgq4)
- Division-by-Zero in YUV sampling factor validation leads to crash (GHSA-543g-8grm-9cw6)
- Stack buffer overflow in FTXT reader via oversized integer field (GHSA-72hf-fj62-w6j4)
- MSL image stack index not refreshed leading to leaked images (GHSA-782x-jh29-9mf7)
- MSL attribute stack buffer overflow leads to out of bounds write (GHSA-3mwp-xqp2-q6ph)
- Memory leak in msl encoder (GHSA-gxcx-qjqp-8vjw)
- Memory Leak in coders/ashlar.c (GHSA-xgm3-v4r9-wfgm)
- Signed Integer Overflow in ImageMagick SIXEL Decoder (GHSA-xg29-8ghv-v4xr)
- MSL: Stack overflow in ProcessMSLScript (GHSA-8mpr-6xr2-chhc)
- Heap Out-of-Bounds Read in DCM Decoder (GHSA-pmq6-8289-hx3v)
- Out of bounds read in multiple coders that read raw pixel data (GHSA-jv4p-gjwq-9r2j)
- Use After Free (CWE-416) in MSLStartElement in MSL decoder (GHSA-fwqw-2x5x-w566)
- Possible Heap Information Disclosure in PSD ZIP Decompression (GHSA-96pc-27rx-pr36)
- Converting multi-layer nested MVG to SVG can cause DoS (GHSA-wg3g-gvx5-2pmv)
- An infinite loop vulnerability when parsing a PCD file (GHSA-pqgj-2p96-rx85)
- Heap overflow in pcd decoder leads to out of bounds read (GHSA-wrhr-rf8j-r842)
Library updates:
- ImageMagick 7.1.2-15 (2026-02-22)
- gdk-pixbuf 2.44.5 (2026-01-29)
- harfbuzz 12.3.2 (2026-01-24)
- libheif 1.21.2 (2026-01-16)
- libjxl 0.11.2 (2026-02-10)
- libpng 1.6.55 (2026-02-09)
- libraqm 0.10.4 (2026-02-05)
- openjph 0.26.3 (2026-02-17)
- zlib 1.3.2 (2026-02-17)
Full Changelog: 14.10.2...14.10.3