Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community

Type apk

Namespace alpine

Name imagemagick

Version 7.1.2.15-r0

Qualifiers

arch	x86
distroversion	edge
reponame	community

Subpath

Is_vulnerable false

Next_non_vulnerable_version 7.1.2.17-r0

Latest_non_vulnerable_version 7.1.2.23-r0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-7gh9-2rkn-rybs

vulnerability_id VCID-7gh9-2rkn-rybs

summary

ImageMagick has Use After Free in MSLStartElement in "coders/msl.c"
A crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it, leading to a UAF in ReadBlobString during further parsing.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25983.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25983.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-25983

reference_id

reference_type

scores

value	0.0003
scoring_system	epss
scoring_elements	0.0921
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-25983

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_url

https://github.com/ImageMagick/ImageMagick

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick

reference_url

https://github.com/ImageMagick/ImageMagick/commit/257200cb21de23404dce5f8261871845d425dee5

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick/commit/257200cb21de23404dce5f8261871845d425dee5

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2442113
reference_id	2442113
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2442113

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-25983

reference_id

CVE-2026-25983

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-25983

reference_url

https://github.com/advisories/GHSA-fwqw-2x5x-w566

reference_id

GHSA-fwqw-2x5x-w566

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fwqw-2x5x-w566

reference_url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwqw-2x5x-w566

reference_id

GHSA-fwqw-2x5x-w566

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-28T02:04:31Z/

url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwqw-2x5x-w566

reference_url	https://usn.ubuntu.com/8069-1/
reference_id	USN-8069-1
reference_type
scores
url	https://usn.ubuntu.com/8069-1/

fixed_packages

url	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.15-r0%3Farch=x86&distroversion=edge&reponame=community

aliases CVE-2026-25983, GHSA-fwqw-2x5x-w566

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7gh9-2rkn-rybs

url VCID-9jms-w48q-j3cb

vulnerability_id VCID-9jms-w48q-j3cb

summary

ImageMagick: Heap overflow in sun decoder on 32-bit systems may result in out of bounds write
An Integer Overflow vulnerability exists in the sun decoder. On 32-bit systems/builds, a carefully crafted image can lead to an out of bounds heap write.

```
=================================================================
==1967675==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf190b50e at pc 0x5eae8777 bp 0xffb0fdd8 sp 0xffb0fdd0
WRITE of size 1 at 0xf190b50e thread T0
```

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25897.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25897.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-25897

reference_id

reference_type

scores

value	0.00023
scoring_system	epss
scoring_elements	0.06834
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-25897

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_url

https://github.com/ImageMagick/ImageMagick

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick

reference_url

https://github.com/ImageMagick/ImageMagick/commit/23fde73188ea32c15b607571775d4f92bdb75e60

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick/commit/23fde73188ea32c15b607571775d4f92bdb75e60

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2442098
reference_id	2442098
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2442098

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-25897

reference_id

CVE-2026-25897

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-25897

reference_url

https://github.com/advisories/GHSA-6j5f-24fw-pqp4

reference_id

GHSA-6j5f-24fw-pqp4

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6j5f-24fw-pqp4

reference_url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6j5f-24fw-pqp4

reference_id

GHSA-6j5f-24fw-pqp4

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T15:23:43Z/

url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6j5f-24fw-pqp4

reference_url	https://usn.ubuntu.com/8069-1/
reference_id	USN-8069-1
reference_type
scores
url	https://usn.ubuntu.com/8069-1/

reference_url	https://usn.ubuntu.com/8263-1/
reference_id	USN-8263-1
reference_type
scores
url	https://usn.ubuntu.com/8263-1/

fixed_packages

url	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.15-r0%3Farch=x86&distroversion=edge&reponame=community

aliases CVE-2026-25897, GHSA-6j5f-24fw-pqp4

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9jms-w48q-j3cb

url VCID-brv4-dckz-jbf5

vulnerability_id VCID-brv4-dckz-jbf5

summary

ImageMagick: Integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG decoder
A crafted SVG file can cause a denial of service. An off-by-one boundary check (`>` instead of `>=`) that allows bypass the guard and reach an undefined `(size_t)` cast.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25989.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25989.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-25989

reference_id

reference_type

scores

value	0.0002
scoring_system	epss
scoring_elements	0.05984
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-25989

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_url

https://github.com/ImageMagick/ImageMagick

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick

reference_url

https://github.com/ImageMagick/ImageMagick/commit/5a545ab9d6c3d12a6a76cfed32b87df096729d95

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick/commit/5a545ab9d6c3d12a6a76cfed32b87df096729d95

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2442136
reference_id	2442136
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2442136

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-25989

reference_id

CVE-2026-25989

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-25989

reference_url

https://github.com/advisories/GHSA-7355-pwx2-pm84

reference_id

GHSA-7355-pwx2-pm84

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7355-pwx2-pm84

reference_url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7355-pwx2-pm84

reference_id

GHSA-7355-pwx2-pm84

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-28T02:08:53Z/

url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7355-pwx2-pm84

fixed_packages

url	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.15-r0%3Farch=x86&distroversion=edge&reponame=community

aliases CVE-2026-25989, GHSA-7355-pwx2-pm84

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-brv4-dckz-jbf5

url VCID-cb7k-kgac-z3cw

vulnerability_id VCID-cb7k-kgac-z3cw

summary

ImageMagick has Heap Out-of-Bounds Read in DCM Decoder (ReadDCMImage)
A heap out-of-bounds read vulnerability exists in the `coders/dcm.c` module. When processing DICOM files with a specific configuration, the decoder loop incorrectly reads bytes per iteration. This causes the function to read past the end of the allocated buffer, potentially leading to a Denial of Service (crash) or Information Disclosure (leaking heap memory into the image).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25982.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25982.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-25982

reference_id

reference_type

scores

value	0.00018
scoring_system	epss
scoring_elements	0.04943
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-25982

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_url

https://github.com/ImageMagick/ImageMagick

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2442124
reference_id	2442124
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2442124

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-25982

reference_id

CVE-2026-25982

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-25982

reference_url

https://github.com/advisories/GHSA-pmq6-8289-hx3v

reference_id

GHSA-pmq6-8289-hx3v

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pmq6-8289-hx3v

reference_url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pmq6-8289-hx3v

reference_id

GHSA-pmq6-8289-hx3v

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-28T02:03:44Z/

url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pmq6-8289-hx3v

fixed_packages

url	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.15-r0%3Farch=x86&distroversion=edge&reponame=community

aliases CVE-2026-25982, GHSA-pmq6-8289-hx3v

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cb7k-kgac-z3cw

url VCID-g8uw-e2h3-v3b2

vulnerability_id VCID-g8uw-e2h3-v3b2

summary

ImageMagick has a heap Buffer Over-read  in its DJVU image format handler
A heap Buffer Over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride (row size) for pixel buffer allocation. The stride calculation overflows a 32-bit signed integer, resulting in an out-of-bounds memory reads.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27799.json

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27799.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-27799

reference_id

reference_type

scores

value	0.00018
scoring_system	epss
scoring_elements	0.05021
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-27799

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_id

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T17:03:55Z/

url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_url

https://github.com/ImageMagick/ImageMagick

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick

reference_url

https://github.com/ImageMagick/ImageMagick/commit/e87695b3227978ad70b967b8d054baaf8ac2cced

reference_id

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T17:03:55Z/

url

https://github.com/ImageMagick/ImageMagick/commit/e87695b3227978ad70b967b8d054baaf8ac2cced

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2442879
reference_id	2442879
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2442879

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-27799

reference_id

CVE-2026-27799

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-27799

reference_url

https://github.com/advisories/GHSA-r99p-5442-q2x2

reference_id

GHSA-r99p-5442-q2x2

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r99p-5442-q2x2

reference_url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r99p-5442-q2x2

reference_id

GHSA-r99p-5442-q2x2

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T17:03:55Z/

url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r99p-5442-q2x2

fixed_packages

url	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.15-r0%3Farch=x86&distroversion=edge&reponame=community

aliases CVE-2026-27799, GHSA-r99p-5442-q2x2

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g8uw-e2h3-v3b2

url VCID-gq4t-qh62-gqgy

vulnerability_id VCID-gq4t-qh62-gqgy

summary

ImageMagick has heap buffer overflow in YUV 4:2:2 decoder
A heap buffer overflow write vulnerability exists in ReadYUVImage() (coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. The pixel-pair loop writes one pixel beyond the allocated row buffer.

```
=================================================================
==204642==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5170000002e0 at pc 0x562d21a7e8de bp 0x7fffa9ae1270 sp 0x7fffa9ae1260
WRITE of size 8 at 0x5170000002e0 thread T0
```

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25986.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25986.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-25986

reference_id

reference_type

scores

value	0.00027
scoring_system	epss
scoring_elements	0.08253
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-25986

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_url

https://github.com/ImageMagick/ImageMagick

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2442111
reference_id	2442111
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2442111

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-25986

reference_id

CVE-2026-25986

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-25986

reference_url

https://github.com/advisories/GHSA-mqfc-82jx-3mr2

reference_id

GHSA-mqfc-82jx-3mr2

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mqfc-82jx-3mr2

reference_url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mqfc-82jx-3mr2

reference_id

GHSA-mqfc-82jx-3mr2

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-28T02:06:36Z/

url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mqfc-82jx-3mr2

reference_url	https://usn.ubuntu.com/8069-1/
reference_id	USN-8069-1
reference_type
scores
url	https://usn.ubuntu.com/8069-1/

fixed_packages

url	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.15-r0%3Farch=x86&distroversion=edge&reponame=community

aliases CVE-2026-25986, GHSA-mqfc-82jx-3mr2

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gq4t-qh62-gqgy

url VCID-h5xh-sqxg-h7a2

vulnerability_id VCID-h5xh-sqxg-h7a2

summary

ImageMagick: Possible memory leak in ASHLAR encoder
A memory leak in the ASHLAR image writer allows an attacker to exhaust process memory by providing a crafted image that results in small objects that are allocated but never freed.

```
==880062== Memcheck, a memory error detector
==880062== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==880062== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==880062==
==880062==
==880062== HEAP SUMMARY:
==880062==     in use at exit: 386,826 bytes in 696 blocks
==880062==   total heap usage: 30,523 allocs, 29,827 frees, 21,803,756 bytes allocated
==880062==
==880062== LEAK SUMMARY:
==880062==    definitely lost: 3,408 bytes in 3 blocks
==880062==    indirectly lost: 88,885 bytes in 30 blocks
==880062==      possibly lost: 140,944 bytes in 383 blocks
==880062==    still reachable: 151,573 bytes in 259 blocks
==880062==         suppressed: 0 bytes in 0 blocks
==880062== Reachable blocks (those to which a pointer was found) are not shown.
==880062== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==880062==
==880062== For lists of detected and suppressed errors, rerun with: -s
==880062== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
```

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25637.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25637.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-25637

reference_id

reference_type

scores

value	0.00019
scoring_system	epss
scoring_elements	0.054
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-25637

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_url

https://github.com/ImageMagick/ImageMagick

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick

reference_url

https://github.com/ImageMagick/ImageMagick/commit/30ce0e8efbd72fd6b50ed3a10ae22f57c8901137

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick/commit/30ce0e8efbd72fd6b50ed3a10ae22f57c8901137

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2442114
reference_id	2442114
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2442114

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-25637

reference_id

CVE-2026-25637

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-25637

reference_url

https://github.com/advisories/GHSA-gm37-qx7w-p258

reference_id

GHSA-gm37-qx7w-p258

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gm37-qx7w-p258

reference_url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gm37-qx7w-p258

reference_id

GHSA-gm37-qx7w-p258

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gm37-qx7w-p258

reference_url	https://usn.ubuntu.com/8263-1/
reference_id	USN-8263-1
reference_type
scores
url	https://usn.ubuntu.com/8263-1/

fixed_packages

url	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.15-r0%3Farch=x86&distroversion=edge&reponame=community

aliases CVE-2026-25637, GHSA-gm37-qx7w-p258

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h5xh-sqxg-h7a2

url VCID-jrwg-mmqw-3bcg

vulnerability_id VCID-jrwg-mmqw-3bcg

summary

ImageMagick: Policy bypass through path traversal allows reading restricted content despite secured policy
ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/* can be bypassed by a path traversal. The OS resolves the traversal and opens the sensitive file, but the policy matcher only sees the unnormalized path and therefore allows the read. This enables local file disclosure (LFI) even when policy-secure.xml is applied.

Actions to prevent reading from files have been taken. But it make sure writing is also not possible the following should be added to your policy:

```
<policy domain="path" rights="none" pattern="*../*"/>
```

And this will also be included in the project's more secure policies by default.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25965.json

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25965.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-25965

reference_id

reference_type

scores

value	0.00018
scoring_system	epss
scoring_elements	0.05296
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-25965

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_url

https://github.com/ImageMagick/ImageMagick

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2442118
reference_id	2442118
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2442118

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-25965

reference_id

CVE-2026-25965

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-25965

reference_url

https://github.com/advisories/GHSA-8jvj-p28h-9gm7

reference_id

GHSA-8jvj-p28h-9gm7

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8jvj-p28h-9gm7

reference_url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8jvj-p28h-9gm7

reference_id

GHSA-8jvj-p28h-9gm7

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T15:28:41Z/

url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8jvj-p28h-9gm7

reference_url	https://access.redhat.com/errata/RHSA-2026:5573
reference_id	RHSA-2026:5573
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5573

reference_url	https://usn.ubuntu.com/8263-1/
reference_id	USN-8263-1
reference_type
scores
url	https://usn.ubuntu.com/8263-1/

fixed_packages

url	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.15-r0%3Farch=x86&distroversion=edge&reponame=community

aliases CVE-2026-25965, GHSA-8jvj-p28h-9gm7

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jrwg-mmqw-3bcg

url VCID-n1tb-wdey-fyht

vulnerability_id VCID-n1tb-wdey-fyht

summary

ImageMagick has Division-by-Zero in YUV sampling factor validation, which leads to crash
A logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image loading, resulting in a reliable denial-of-service.

```
coders/yuv.c:210:47: runtime error: division by zero
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3543373==ERROR: AddressSanitizer: UNKNOWN SIGNAL on unknown address 0x000000000000 (pc 0x55deeb4d723c bp 0x7fffc28d34d0 sp 0x7fffc28d3320 T0)

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25799.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25799.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-25799

reference_id

reference_type

scores

value	0.0002
scoring_system	epss
scoring_elements	0.06008
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-25799

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_url

https://github.com/ImageMagick/ImageMagick

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick

reference_url

https://github.com/ImageMagick/ImageMagick/commit/49000e7298fbfdd759ac2c46f740f40c2e9b7452

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick/commit/49000e7298fbfdd759ac2c46f740f40c2e9b7452

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2442120
reference_id	2442120
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2442120

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-25799

reference_id

CVE-2026-25799

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-25799

reference_url

https://github.com/advisories/GHSA-543g-8grm-9cw6

reference_id

GHSA-543g-8grm-9cw6

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-543g-8grm-9cw6

reference_url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-543g-8grm-9cw6

reference_id

GHSA-543g-8grm-9cw6

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T15:22:05Z/

url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-543g-8grm-9cw6

reference_url	https://usn.ubuntu.com/8127-1/
reference_id	USN-8127-1
reference_type
scores
url	https://usn.ubuntu.com/8127-1/

reference_url	https://usn.ubuntu.com/8263-1/
reference_id	USN-8263-1
reference_type
scores
url	https://usn.ubuntu.com/8263-1/

fixed_packages

url	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.15-r0%3Farch=x86&distroversion=edge&reponame=community

aliases CVE-2026-25799, GHSA-543g-8grm-9cw6

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n1tb-wdey-fyht

url VCID-q9dt-caxa-yqfd

vulnerability_id VCID-q9dt-caxa-yqfd

summary

ImageMagick: MSL - Stack overflow in ProcessMSLScript
Magick fails to check for circular references between two MSLs, leading to a stack overflow.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25971.json

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25971.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-25971

reference_id

reference_type

scores

value	0.00045
scoring_system	epss
scoring_elements	0.14144
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-25971

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_url

https://github.com/ImageMagick/ImageMagick

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2442117
reference_id	2442117
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2442117

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-25971

reference_id

CVE-2026-25971

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-25971

reference_url

https://github.com/advisories/GHSA-8mpr-6xr2-chhc

reference_id

GHSA-8mpr-6xr2-chhc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8mpr-6xr2-chhc

reference_url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8mpr-6xr2-chhc

reference_id

GHSA-8mpr-6xr2-chhc

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8mpr-6xr2-chhc

fixed_packages

url	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.15-r0%3Farch=x86&distroversion=edge&reponame=community

aliases CVE-2026-25971, GHSA-8mpr-6xr2-chhc

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q9dt-caxa-yqfd

url VCID-r1wz-w1et-27fu

vulnerability_id VCID-r1wz-w1et-27fu

summary

ImageMagick: MSL attribute stack buffer overflow leads to out of bounds write.
A stack buffer overflow occurs when processing the an attribute in msl.c. A long value overflows a fixed-size stack buffer, leading to memory corruption.

```
=================================================================
==278522==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffdb8c76984 at pc 0x55a4bf16f507 bp 0x7ffdb8c75bc0 sp 0x7ffdb8c75bb0
WRITE of size 1 at 0x7ffdb8c76984 thread T0
```

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25968.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25968.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-25968

reference_id

reference_type

scores

value	0.00064
scoring_system	epss
scoring_elements	0.20065
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-25968

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_url

https://github.com/ImageMagick/ImageMagick

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2442125
reference_id	2442125
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2442125

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-25968

reference_id

CVE-2026-25968

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-25968

reference_url

https://github.com/advisories/GHSA-3mwp-xqp2-q6ph

reference_id

GHSA-3mwp-xqp2-q6ph

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3mwp-xqp2-q6ph

reference_url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3mwp-xqp2-q6ph

reference_id

GHSA-3mwp-xqp2-q6ph

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3mwp-xqp2-q6ph

reference_url	https://usn.ubuntu.com/8069-1/
reference_id	USN-8069-1
reference_type
scores
url	https://usn.ubuntu.com/8069-1/

fixed_packages

url	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.15-r0%3Farch=x86&distroversion=edge&reponame=community

aliases CVE-2026-25968, GHSA-3mwp-xqp2-q6ph

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r1wz-w1et-27fu

url VCID-rvbg-1ycj-9ugq

vulnerability_id VCID-rvbg-1ycj-9ugq

summary

ImageMagick: Converting multi-layer nested MVG to SVG can cause DoS
Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24484.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24484.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-24484

reference_id

reference_type

scores

value	0.00019
scoring_system	epss
scoring_elements	0.054
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-24484

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:41:00Z/

url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_url

https://github.com/ImageMagick/ImageMagick

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick

reference_url

https://github.com/ImageMagick/ImageMagick/commit/0349df6d43d633bd61bb582d1e1e87d6332de32a

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:41:00Z/

url

https://github.com/ImageMagick/ImageMagick/commit/0349df6d43d633bd61bb582d1e1e87d6332de32a

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2442085
reference_id	2442085
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2442085

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-24484

reference_id

CVE-2026-24484

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-24484

reference_url

https://github.com/advisories/GHSA-wg3g-gvx5-2pmv

reference_id

GHSA-wg3g-gvx5-2pmv

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wg3g-gvx5-2pmv

reference_url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wg3g-gvx5-2pmv

reference_id

GHSA-wg3g-gvx5-2pmv

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:41:00Z/

url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wg3g-gvx5-2pmv

reference_url	https://usn.ubuntu.com/8263-1/
reference_id	USN-8263-1
reference_type
scores
url	https://usn.ubuntu.com/8263-1/

fixed_packages

url	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.15-r0%3Farch=x86&distroversion=edge&reponame=community

aliases CVE-2026-24484, GHSA-wg3g-gvx5-2pmv

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rvbg-1ycj-9ugq

url VCID-s4eg-rpag-8yaz

vulnerability_id VCID-s4eg-rpag-8yaz

summary

ImageMagick has a heap buffer over-read in its MAP image decoder
A heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory disclosure during image decoding.

```
=================================================================
==4070926==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x502000002b31 at pc 0x56517afbd910 bp 0x7ffc59e90000 sp 0x7ffc59e8fff0
READ of size 1 at 0x502000002b31 thread T0
```

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25987.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25987.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-25987

reference_id

reference_type

scores

value	0.00016
scoring_system	epss
scoring_elements	0.03989
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-25987

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_url

https://github.com/ImageMagick/ImageMagick

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick

reference_url

https://github.com/ImageMagick/ImageMagick/commit/bbae0215e1b76830509fd20e6d37c0dd7e3e4c3a

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick/commit/bbae0215e1b76830509fd20e6d37c0dd7e3e4c3a

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2442115
reference_id	2442115
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2442115

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-25987

reference_id

CVE-2026-25987

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-25987

reference_url

https://github.com/advisories/GHSA-42p5-62qq-mmh7

reference_id

GHSA-42p5-62qq-mmh7

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-42p5-62qq-mmh7

reference_url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-42p5-62qq-mmh7

reference_id

GHSA-42p5-62qq-mmh7

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-28T02:07:26Z/

url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-42p5-62qq-mmh7

reference_url	https://usn.ubuntu.com/8069-1/
reference_id	USN-8069-1
reference_type
scores
url	https://usn.ubuntu.com/8069-1/

fixed_packages

url	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.15-r0%3Farch=x86&distroversion=edge&reponame=community

aliases CVE-2026-25987, GHSA-42p5-62qq-mmh7

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s4eg-rpag-8yaz

url VCID-tgmn-sscv-uycj

vulnerability_id VCID-tgmn-sscv-uycj

summary

ImageMagick Has Signed Integer Overflow in SIXEL Decoder, Leading to Memory Corruption
A signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when processing a maliciously crafted SIXEL image file. The vulnerability occurs during buffer reallocation operations where pointer arithmetic using signed 32-bit integers overflows.

```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==143838==ERROR: AddressSanitizer: UNKNOWN SIGNAL on unknown address 0x000000000000

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25970.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25970.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-25970

reference_id

reference_type

scores

value	0.00059
scoring_system	epss
scoring_elements	0.18833
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-25970

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_url

https://github.com/ImageMagick/ImageMagick

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2442108
reference_id	2442108
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2442108

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-25970

reference_id

CVE-2026-25970

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-25970

reference_url

https://github.com/advisories/GHSA-xg29-8ghv-v4xr

reference_id

GHSA-xg29-8ghv-v4xr

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xg29-8ghv-v4xr

reference_url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xg29-8ghv-v4xr

reference_id

GHSA-xg29-8ghv-v4xr

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xg29-8ghv-v4xr

reference_url	https://usn.ubuntu.com/8127-1/
reference_id	USN-8127-1
reference_type
scores
url	https://usn.ubuntu.com/8127-1/

fixed_packages

url	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.15-r0%3Farch=x86&distroversion=edge&reponame=community

aliases CVE-2026-25970, GHSA-xg29-8ghv-v4xr

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tgmn-sscv-uycj

url VCID-tyes-jyqv-7uf2

vulnerability_id VCID-tyes-jyqv-7uf2

summary

ImageMagick: Memory allocation with excessive without limits in the internal SVG decoder
A crafted SVG file containing an malicious element causes ImageMagick to attempt to allocate ~674 GB of memory, leading to an out-of-memory abort.

Found via AFL++ fuzzing with afl-clang-lto instrumentation and AddressSanitizer.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25985.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25985.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-25985

reference_id

reference_type

scores

value	0.00019
scoring_system	epss
scoring_elements	0.05623
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-25985

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_url

https://github.com/ImageMagick/ImageMagick

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick

reference_url

https://github.com/ImageMagick/ImageMagick/commit/1a51eb9af00c36724660e294520878fd1f13e312

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick/commit/1a51eb9af00c36724660e294520878fd1f13e312

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2442127
reference_id	2442127
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2442127

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-25985

reference_id

CVE-2026-25985

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-25985

reference_url

https://github.com/advisories/GHSA-v7g2-m8c5-mf84

reference_id

GHSA-v7g2-m8c5-mf84

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v7g2-m8c5-mf84

reference_url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v7g2-m8c5-mf84

reference_id

GHSA-v7g2-m8c5-mf84

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-28T02:05:38Z/

url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v7g2-m8c5-mf84

reference_url	https://access.redhat.com/errata/RHSA-2026:5573
reference_id	RHSA-2026:5573
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5573

fixed_packages

url	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.15-r0%3Farch=x86&distroversion=edge&reponame=community

aliases CVE-2026-25985, GHSA-v7g2-m8c5-mf84

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tyes-jyqv-7uf2

url VCID-ve6k-6zy3-2bby

vulnerability_id VCID-ve6k-6zy3-2bby

summary

ImageMagick: Heap overflow in pcd decoder leads to out of bounds read.
The pcd coder lacks proper boundary checking when processing Huffman-coded data. The decoder contains an function that has an incorrect initialization that could cause an out of bounds read.

```
==3900053==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x502000003c6c at pc 0x55601b9cc552 bp 0x7ffd904b1f70 sp 0x7ffd904b1f60
READ of size 1 at 0x502000003c6c thread T0
```

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26284.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26284.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-26284

reference_id

reference_type

scores

value	0.00023
scoring_system	epss
scoring_elements	0.06834
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-26284

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_url

https://github.com/ImageMagick/ImageMagick

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2442137
reference_id	2442137
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2442137

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-26284

reference_id

CVE-2026-26284

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-26284

reference_url

https://github.com/advisories/GHSA-wrhr-rf8j-r842

reference_id

GHSA-wrhr-rf8j-r842

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wrhr-rf8j-r842

reference_url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wrhr-rf8j-r842

reference_id

GHSA-wrhr-rf8j-r842

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:46:33Z/

url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wrhr-rf8j-r842

reference_url	https://usn.ubuntu.com/8069-1/
reference_id	USN-8069-1
reference_type
scores
url	https://usn.ubuntu.com/8069-1/

fixed_packages

url	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.15-r0%3Farch=x86&distroversion=edge&reponame=community

aliases CVE-2026-26284, GHSA-wrhr-rf8j-r842

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ve6k-6zy3-2bby

url VCID-vk7z-55be-cqbm

vulnerability_id VCID-vk7z-55be-cqbm

summary

ImageMagick has Possible Heap Information Disclosure in PSD ZIP Decompression
A heap information disclosure vulnerability exists in ImageMagick's PSD (Adobe Photoshop) format handler. When processing a maliciously crafted PSD file containing ZIP-compressed layer data that decompresses to less than the expected size, uninitialized heap memory is leaked into the output image.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-24481

reference_id

reference_type

scores

value	0.00017
scoring_system	epss
scoring_elements	0.04681
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-24481

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_url

https://github.com/ImageMagick/ImageMagick

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick

reference_url

https://github.com/ImageMagick/ImageMagick/commit/51c9d33f4770cdcfa1a029199375d570af801c97

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick/commit/51c9d33f4770cdcfa1a029199375d570af801c97

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-24481

reference_id

CVE-2026-24481

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-24481

reference_url

https://github.com/advisories/GHSA-96pc-27rx-pr36

reference_id

GHSA-96pc-27rx-pr36

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-96pc-27rx-pr36

reference_url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-96pc-27rx-pr36

reference_id

GHSA-96pc-27rx-pr36

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:39:38Z/

url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-96pc-27rx-pr36

reference_url	https://usn.ubuntu.com/8263-1/
reference_id	USN-8263-1
reference_type
scores
url	https://usn.ubuntu.com/8263-1/

fixed_packages

url	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.15-r0%3Farch=x86&distroversion=edge&reponame=community

aliases CVE-2026-24481, GHSA-96pc-27rx-pr36

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vk7z-55be-cqbm

url VCID-vxtp-qf2n-s3b2

vulnerability_id VCID-vxtp-qf2n-s3b2

summary

ImageMagick: Infinite loop vulnerability when parsing a PCD file
When a PCD file does not contain a valid marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24485.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24485.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-24485

reference_id

reference_type

scores

value	0.00019
scoring_system	epss
scoring_elements	0.05577
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-24485

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:48:11Z/

url

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

reference_url

https://github.com/ImageMagick/ImageMagick

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ImageMagick/ImageMagick

reference_url

https://github.com/ImageMagick/ImageMagick/commit/332c1566acc2de77857032d3c2504ead6210ff50

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:48:11Z/

url

https://github.com/ImageMagick/ImageMagick/commit/332c1566acc2de77857032d3c2504ead6210ff50

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2442091
reference_id	2442091
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2442091

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-24485

reference_id

CVE-2026-24485

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-24485

reference_url

https://github.com/advisories/GHSA-pqgj-2p96-rx85

reference_id

GHSA-pqgj-2p96-rx85

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pqgj-2p96-rx85

reference_url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pqgj-2p96-rx85

reference_id

GHSA-pqgj-2p96-rx85

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:48:11Z/

url

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pqgj-2p96-rx85

reference_url	https://usn.ubuntu.com/8263-1/
reference_id	USN-8263-1
reference_type
scores
url	https://usn.ubuntu.com/8263-1/

fixed_packages

url	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.15-r0%3Farch=x86&distroversion=edge&reponame=community

aliases CVE-2026-24485, GHSA-pqgj-2p96-rx85

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vxtp-qf2n-s3b2

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.15-r0%3Farch=x86&distroversion=edge&reponame=community

Package Instance