Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1067703?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1067703?format=api", "purl": "pkg:apk/alpine/imagemagick@7.1.2.19-r0?arch=x86_64&distroversion=v3.23&reponame=community", "type": "apk", "namespace": "alpine", "name": "imagemagick", "version": "7.1.2.19-r0", "qualifiers": { "arch": "x86_64", "distroversion": "v3.23", "reponame": "community" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/351738?format=api", "vulnerability_id": "VCID-2yv5-qdeg-9bag", "summary": "ImageMagick: Magick.NET: ImageMagick: Denial of Service via heap write overflow in JXL encoder", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40183.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40183.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40183", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01573", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01634", "published_at": "2026-04-18T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00203", "published_at": "2026-04-21T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00204", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40183" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T19:07:54Z/" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/commit/1c7767fc5f822c6edc104c1220d523e96fa20b5a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick/commit/1c7767fc5f822c6edc104c1220d523e96fa20b5a" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T19:07:54Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jvgr-9ph5-m8v4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T19:07:54Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jvgr-9ph5-m8v4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40183", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40183" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458054", "reference_id": "2458054", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458054" }, { "reference_url": "https://github.com/advisories/GHSA-jvgr-9ph5-m8v4", "reference_id": "GHSA-jvgr-9ph5-m8v4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jvgr-9ph5-m8v4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1067703?format=api", "purl": "pkg:apk/alpine/imagemagick@7.1.2.19-r0?arch=x86_64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.19-r0%3Farch=x86_64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2026-40183", "GHSA-jvgr-9ph5-m8v4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2yv5-qdeg-9bag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/351735?format=api", "vulnerability_id": "VCID-381g-7gdr-qydg", "summary": "ImageMagick: Magick.NET: ImageMagick and Magick.NET: Denial of Service via malicious MSL file processing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40312.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40312.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40312", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01596", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01529", "published_at": "2026-04-16T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00199", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40312" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40312" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T19:06:40Z/" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/commit/2a06c7be3bba3326caf8b7a8d1fa2e0d4b88998d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T19:06:40Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/commit/2a06c7be3bba3326caf8b7a8d1fa2e0d4b88998d" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T19:06:40Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5xg3-585r-9jh5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T19:06:40Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5xg3-585r-9jh5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40312", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40312" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458044", "reference_id": "2458044", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458044" }, { "reference_url": "https://github.com/advisories/GHSA-5xg3-585r-9jh5", "reference_id": "GHSA-5xg3-585r-9jh5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5xg3-585r-9jh5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1067703?format=api", "purl": "pkg:apk/alpine/imagemagick@7.1.2.19-r0?arch=x86_64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.19-r0%3Farch=x86_64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2026-40312", "GHSA-5xg3-585r-9jh5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-381g-7gdr-qydg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/351737?format=api", "vulnerability_id": "VCID-441f-z9bp-vbdu", "summary": "ImageMagick: Magick.NET: ImageMagick: Denial of service via heap out-of-bounds write in JP2 encoder", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40310.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40310.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40310", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01596", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01529", "published_at": "2026-04-16T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00287", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40310" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:33:34Z/" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/commit/3d653bea2df085c728a1c8f775808e1e9249dff9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:33:34Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/commit/3d653bea2df085c728a1c8f775808e1e9249dff9" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:33:34Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pwg5-6jfc-crvh", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:33:34Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pwg5-6jfc-crvh" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40310", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40310" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134627", "reference_id": "1134627", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134627" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458047", "reference_id": "2458047", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458047" }, { "reference_url": "https://github.com/advisories/GHSA-pwg5-6jfc-crvh", "reference_id": "GHSA-pwg5-6jfc-crvh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pwg5-6jfc-crvh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1067703?format=api", "purl": "pkg:apk/alpine/imagemagick@7.1.2.19-r0?arch=x86_64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.19-r0%3Farch=x86_64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2026-40310", "GHSA-pwg5-6jfc-crvh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-441f-z9bp-vbdu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/351739?format=api", "vulnerability_id": "VCID-4s37-h3p7-6uab", "summary": "ImageMagick: Magick.NET: ImageMagick: Denial of Service via crafted image leading to out-of-bounds write", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40169.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40169.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40169", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01567", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01529", "published_at": "2026-04-16T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00212", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40169" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:52:23Z/" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/commit/f86452a8aea37bf2b4bd36127f836dcc5f138b38", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:52:23Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/commit/f86452a8aea37bf2b4bd36127f836dcc5f138b38" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:52:23Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5592-p365-24xh", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:52:23Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5592-p365-24xh" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40169", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40169" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458042", "reference_id": "2458042", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458042" }, { "reference_url": "https://github.com/advisories/GHSA-5592-p365-24xh", "reference_id": "GHSA-5592-p365-24xh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5592-p365-24xh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1067703?format=api", "purl": "pkg:apk/alpine/imagemagick@7.1.2.19-r0?arch=x86_64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.19-r0%3Farch=x86_64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2026-40169", "GHSA-5592-p365-24xh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4s37-h3p7-6uab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/351736?format=api", "vulnerability_id": "VCID-6v1d-1wfr-vqd1", "summary": "ImageMagick: Magick.NET: ImageMagick: Denial of Service via heap use-after-free in XMP profile processing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40311.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40311.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40311", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03186", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03313", "published_at": "2026-04-18T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00319", "published_at": "2026-04-21T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.0032", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40311", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40311" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:48:25Z/" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/commit/5facfecf1abb3fed46a08f614dcc43d1e548e20d", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:48:25Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/commit/5facfecf1abb3fed46a08f614dcc43d1e548e20d" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:48:25Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r83h-crwp-3vm7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:48:25Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r83h-crwp-3vm7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40311", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40311" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134627", "reference_id": "1134627", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134627" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458051", "reference_id": "2458051", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458051" }, { "reference_url": "https://github.com/advisories/GHSA-r83h-crwp-3vm7", "reference_id": "GHSA-r83h-crwp-3vm7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r83h-crwp-3vm7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1067703?format=api", "purl": "pkg:apk/alpine/imagemagick@7.1.2.19-r0?arch=x86_64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.19-r0%3Farch=x86_64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2026-40311", "GHSA-r83h-crwp-3vm7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6v1d-1wfr-vqd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/351744?format=api", "vulnerability_id": "VCID-7gb9-gd78-7bdu", "summary": "ImageMagick: Magick.NET: ImageMagick: Denial of Service due to heap buffer overflow in MVG decoder", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33901.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33901.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33901", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11197", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12234", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16594", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16691", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33901" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33901", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33901" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T13:50:52Z/" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/commit/4c72003e9e54a4ebaa938d239e75f5d285527ebe", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T13:50:52Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/commit/4c72003e9e54a4ebaa938d239e75f5d285527ebe" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458023", "reference_id": "2458023", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458023" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33901", "reference_id": "CVE-2026-33901", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33901" }, { "reference_url": "https://github.com/advisories/GHSA-x9h5-r9v2-vcww", "reference_id": "GHSA-x9h5-r9v2-vcww", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x9h5-r9v2-vcww" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-x9h5-r9v2-vcww", "reference_id": "GHSA-x9h5-r9v2-vcww", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T13:50:52Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-x9h5-r9v2-vcww" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1067703?format=api", "purl": "pkg:apk/alpine/imagemagick@7.1.2.19-r0?arch=x86_64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.19-r0%3Farch=x86_64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2026-33901", "GHSA-x9h5-r9v2-vcww" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7gb9-gd78-7bdu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/351745?format=api", "vulnerability_id": "VCID-eeju-vhdm-aqbe", "summary": "ImageMagick: Magick.NET: ImageMagick: Denial of Service via integer truncation in viff encoder", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33900.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33900.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33900", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04973", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04936", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12508", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13313", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33900" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:29:30Z/" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/commit/d27b840a61b322419a66d0d192ff56d52498148d", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:29:30Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/commit/d27b840a61b322419a66d0d192ff56d52498148d" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:29:30Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458020", "reference_id": "2458020", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458020" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33900", "reference_id": "CVE-2026-33900", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33900" }, { "reference_url": "https://github.com/advisories/GHSA-v67w-737x-v2c9", "reference_id": "GHSA-v67w-737x-v2c9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v67w-737x-v2c9" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v67w-737x-v2c9", "reference_id": "GHSA-v67w-737x-v2c9", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:29:30Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v67w-737x-v2c9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1067703?format=api", "purl": "pkg:apk/alpine/imagemagick@7.1.2.19-r0?arch=x86_64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.19-r0%3Farch=x86_64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2026-33900", "GHSA-v67w-737x-v2c9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eeju-vhdm-aqbe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/351742?format=api", "vulnerability_id": "VCID-egwu-28fp-dye6", "summary": "ImageMagick: ImageMagick: Denial of service via out-of-bounds read in -sample operation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33905.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33905.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33905", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01529", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01762", "published_at": "2026-04-18T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00246", "published_at": "2026-04-21T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00245", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33905" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33905" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:22:18Z/" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/commit/cca607366fb38c2dde019a9088b8415ffba3a835", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:22:18Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/commit/cca607366fb38c2dde019a9088b8415ffba3a835" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:22:18Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pcvx-ph33-r5vv", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:22:18Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pcvx-ph33-r5vv" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33905", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33905" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458055", "reference_id": "2458055", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458055" }, { "reference_url": "https://github.com/advisories/GHSA-pcvx-ph33-r5vv", "reference_id": "GHSA-pcvx-ph33-r5vv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pcvx-ph33-r5vv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1067703?format=api", "purl": "pkg:apk/alpine/imagemagick@7.1.2.19-r0?arch=x86_64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.19-r0%3Farch=x86_64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2026-33905", "GHSA-pcvx-ph33-r5vv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-egwu-28fp-dye6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/351743?format=api", "vulnerability_id": "VCID-j6tc-f4fc-mbcv", "summary": "ImageMagick: ImageMagick: Denial of Service via deeply nested expression in FX parser", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33902.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33902.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33902", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01573", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01634", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02151", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02118", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33902" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33902", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33902" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:51:18Z/" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/commit/d3c0a37485314c5ccef72efb18f3847cd53868ba", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:51:18Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/commit/d3c0a37485314c5ccef72efb18f3847cd53868ba" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-f4qm-vj5j-9xpw", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:51:18Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-f4qm-vj5j-9xpw" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33902", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33902" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458040", "reference_id": "2458040", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458040" }, { "reference_url": "https://github.com/advisories/GHSA-f4qm-vj5j-9xpw", "reference_id": "GHSA-f4qm-vj5j-9xpw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f4qm-vj5j-9xpw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1067703?format=api", "purl": "pkg:apk/alpine/imagemagick@7.1.2.19-r0?arch=x86_64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.19-r0%3Farch=x86_64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2026-33902", "GHSA-f4qm-vj5j-9xpw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j6tc-f4fc-mbcv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/351740?format=api", "vulnerability_id": "VCID-qjxn-gm96-7ygc", "summary": "ImageMagick: Magick.NET: ImageMagick: Denial of Service via integer overflow in despeckle operation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34238.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34238.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34238", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01529", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01596", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03675", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03681", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34238" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34238", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34238" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T13:46:28Z/" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/commit/bcd8519c70ecd9ebbc180920f2cf97b267d1f440", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T13:46:28Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/commit/bcd8519c70ecd9ebbc180920f2cf97b267d1f440" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T13:46:28Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458048", "reference_id": "2458048", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458048" }, { "reference_url": "https://github.com/advisories/GHSA-26qp-ffjh-2x4v", "reference_id": "GHSA-26qp-ffjh-2x4v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-26qp-ffjh-2x4v" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-26qp-ffjh-2x4v", "reference_id": "GHSA-26qp-ffjh-2x4v", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T13:46:28Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-26qp-ffjh-2x4v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1067703?format=api", "purl": "pkg:apk/alpine/imagemagick@7.1.2.19-r0?arch=x86_64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.19-r0%3Farch=x86_64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2026-34238", "GHSA-26qp-ffjh-2x4v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qjxn-gm96-7ygc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/23948?format=api", "vulnerability_id": "VCID-tt6z-t31v-dkdd", "summary": "ImageMagick has an Out-of-bounds Write via InterpretImageFilename\nDue to an incorrect return value on certain platforms a pointer is incremented past the end of a buffer that is on the stack and that could result in an out of bounds write.\n\n```\n=================================================================\n==48558==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x00016b9b7490 at pc 0x0001046d48ac bp 0x00016b9b31d0 sp 0x00016b9b31c8\nWRITE of size 1 at 0x00016b9b7490 thread T0\n```", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33536.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33536.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33536", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04109", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.045", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04429", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04528", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04378", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04412", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04423", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04367", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04359", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04368", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04391", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04408", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33536" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33536", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33536" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8793-7xv6-82cf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:44:35Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8793-7xv6-82cf" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33536", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33536" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451849", "reference_id": "2451849", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451849" }, { "reference_url": "https://github.com/advisories/GHSA-8793-7xv6-82cf", "reference_id": "GHSA-8793-7xv6-82cf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8793-7xv6-82cf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1067703?format=api", "purl": "pkg:apk/alpine/imagemagick@7.1.2.19-r0?arch=x86_64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.19-r0%3Farch=x86_64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2026-33536", "GHSA-8793-7xv6-82cf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tt6z-t31v-dkdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/351741?format=api", "vulnerability_id": "VCID-uvkp-1zss-57gr", "summary": "ImageMagick: Magick.NET: ImageMagick: Denial of Service via deeply nested XML file processing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33908.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33908.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33908", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.0495", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04914", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12451", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13268", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33908" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:29:51Z/" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/commit/ccdc01180276aa2cb3d4a32a611aa4f417061cd8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:29:51Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/commit/ccdc01180276aa2cb3d4a32a611aa4f417061cd8" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:29:51Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458041", "reference_id": "2458041", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458041" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33908", "reference_id": "CVE-2026-33908", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33908" }, { "reference_url": "https://github.com/advisories/GHSA-fwvm-ggf6-2p4x", "reference_id": "GHSA-fwvm-ggf6-2p4x", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fwvm-ggf6-2p4x" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwvm-ggf6-2p4x", "reference_id": "GHSA-fwvm-ggf6-2p4x", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:29:51Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwvm-ggf6-2p4x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1067703?format=api", "purl": "pkg:apk/alpine/imagemagick@7.1.2.19-r0?arch=x86_64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.19-r0%3Farch=x86_64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2026-33908", "GHSA-fwvm-ggf6-2p4x" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uvkp-1zss-57gr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/351746?format=api", "vulnerability_id": "VCID-w9zg-tsbg-afa1", "summary": "ImageMagick: Magick.NET: ImageMagick: Denial of Service via out-of-bounds write in XML parsing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33899.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33899.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33899", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04425", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04409", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11639", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12406", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33899" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:22:04Z/" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/commit/ae679e2fd19ec656bfab9f822ae4cf06bf91604d", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:22:04Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/commit/ae679e2fd19ec656bfab9f822ae4cf06bf91604d" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:22:04Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458026", "reference_id": "2458026", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458026" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33899", "reference_id": "CVE-2026-33899", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33899" }, { "reference_url": "https://github.com/advisories/GHSA-cr67-pvmx-2pp2", "reference_id": "GHSA-cr67-pvmx-2pp2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cr67-pvmx-2pp2" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cr67-pvmx-2pp2", "reference_id": "GHSA-cr67-pvmx-2pp2", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:22:04Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cr67-pvmx-2pp2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1067703?format=api", "purl": "pkg:apk/alpine/imagemagick@7.1.2.19-r0?arch=x86_64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.19-r0%3Farch=x86_64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2026-33899", "GHSA-cr67-pvmx-2pp2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w9zg-tsbg-afa1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/23167?format=api", "vulnerability_id": "VCID-zvq4-ybph-buga", "summary": "ImageMagick has an Out-of-Bounds write of a zero byte in its X11 display interaction\nAn out-of-bounds write of a zero byte exists in the X11 `display` interaction path that could lead to a crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33535.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33535.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33535", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02792", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0274", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02764", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02744", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02762", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0277", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02773", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02735", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02724", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04197", "published_at": "2026-04-02T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00252", "published_at": "2026-04-24T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00253", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33535" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33535", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33535" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mw3m-pqr2-qv7c", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T19:52:50Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mw3m-pqr2-qv7c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33535", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33535" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451855", "reference_id": "2451855", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451855" }, { "reference_url": "https://github.com/advisories/GHSA-mw3m-pqr2-qv7c", "reference_id": "GHSA-mw3m-pqr2-qv7c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mw3m-pqr2-qv7c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1067703?format=api", "purl": "pkg:apk/alpine/imagemagick@7.1.2.19-r0?arch=x86_64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.19-r0%3Farch=x86_64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2026-33535", "GHSA-mw3m-pqr2-qv7c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zvq4-ybph-buga" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.19-r0%3Farch=x86_64&distroversion=v3.23&reponame=community" }