Lookup for vulnerable packages by Package URL.
| Purl | pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.12.0 |
|---|
| Type | nuget |
|---|
| Namespace | |
|---|
| Name | Magick.NET-Q16-HDRI-OpenMP-x64 |
|---|
| Version | 14.12.0 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | false |
|---|
| Next_non_vulnerable_version | null |
|---|
| Latest_non_vulnerable_version | null |
|---|
| Affected_by_vulnerabilities |
|
|---|
| Fixing_vulnerabilities |
| 0 |
| url |
VCID-4zrw-tv4p-6fg3 |
| vulnerability_id |
VCID-4zrw-tv4p-6fg3 |
| summary |
ImageMagick has a heap-buffer-overflow in FTXT encoder
The FTXT encoder lacks a boundary check when parsing `ftxt:format`, resulting in an out of bounds read.
```
==3040863==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5020000085b2 at pc 0x606c1ee0c6ce bp 0x7ffee30d6150 sp 0x7ffee30d6148
READ of size 1 at 0x5020000085b2 thread T0
``` |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-w54j-7wpm-crhj
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4zrw-tv4p-6fg3 |
|
| 1 |
|
| 2 |
| url |
VCID-ayjc-27p7-xkfs |
| vulnerability_id |
VCID-ayjc-27p7-xkfs |
| summary |
ImageMagick has has a stack-buffer-overflow in MNG encoder with oversized pallete
The patch for GHSA-7h7q-j33q-hvpf was incomplete and still allows a stack buffer overflow for the multi frame images. |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-98cp-rj9f-6v5g
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ayjc-27p7-xkfs |
|
| 3 |
| url |
VCID-bkhu-mtsz-wubs |
| vulnerability_id |
VCID-bkhu-mtsz-wubs |
| summary |
ImageMagick has a heap buffer overflow read in magnify operation via unrecognized magnify:method value
An unrecognized magnify:method will result in an out of bounds read in the magnify operation.
```
==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61a000000b30
READ of size 4 at 0x61a000000b30 thread T0
``` |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-8vfj-q2cp-5m5j
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bkhu-mtsz-wubs |
|
| 4 |
| url |
VCID-es84-ey86-wkfp |
| vulnerability_id |
VCID-es84-ey86-wkfp |
| summary |
ImageMagick has has an off-by-one origin validation in allows out-of-bounds read in morphology processing
An incorrect morphology would allow an out of bounds read of a single pixel.
```
==1200284==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5100000002d0 at pc 0x59e28e60c27a bp 0x7fff047fd8e0 sp 0x7fff047fd8d0
READ of size 4 at 0x5100000002d0 thread T0
``` |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-q8h3-jv9v-57qx
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-es84-ey86-wkfp |
|
| 5 |
| url |
VCID-zdnb-14uw-xucc |
| vulnerability_id |
VCID-zdnb-14uw-xucc |
| summary |
ImageMagick has out-of-bounds access in ConnectedComponentsImage() via CLI-controlled connected-components:* artifacts
When the `connected-components:*` define specifies an invalid index and out of bound operation will result in an access violation. |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-pmpg-6pww-fg6q
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zdnb-14uw-xucc |
|
|
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.12.0 |
|---|