| 0 |
| url |
VCID-1cpn-zvem-v7gt |
| vulnerability_id |
VCID-1cpn-zvem-v7gt |
| summary |
ImageMagick has uninitialized pointer dereference in JBIG decoder
An uninitialized pointer dereference vulnerability exists in the JBIG decoder due to a missing check. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-28691 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17322 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17474 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17542 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17495 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17414 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0006 |
| scoring_system |
epss |
| scoring_elements |
0.18877 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.0006 |
| scoring_system |
epss |
| scoring_elements |
0.18928 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.0006 |
| scoring_system |
epss |
| scoring_elements |
0.18975 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.0006 |
| scoring_system |
epss |
| scoring_elements |
0.18725 |
| published_at |
2026-04-26T12:55:00Z |
|
| 9 |
| value |
0.0006 |
| scoring_system |
epss |
| scoring_elements |
0.18746 |
| published_at |
2026-04-24T12:55:00Z |
|
| 10 |
| value |
0.0006 |
| scoring_system |
epss |
| scoring_elements |
0.18858 |
| published_at |
2026-04-21T12:55:00Z |
|
| 11 |
| value |
0.0006 |
| scoring_system |
epss |
| scoring_elements |
0.18843 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.0006 |
| scoring_system |
epss |
| scoring_elements |
0.1883 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-28691 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-28691, GHSA-wj8w-pjxf-9g4f
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1cpn-zvem-v7gt |
|
| 1 |
| url |
VCID-2zje-ag2v-7kac |
| vulnerability_id |
VCID-2zje-ag2v-7kac |
| summary |
ImageMagick has heap buffer overflow in WriteXWDImage due to CARD32 arithmetic overflow in bytes_per_line calculation
A 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing an extremely large image, an out-of-bounds heap write can occur.
```
=================================================================
==741961==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5020000083dc at pc 0x56553b4c4245 bp 0x7ffd9d20fef0 sp 0x7ffd9d20fee0
WRITE of size 1 at 0x5020000083dc thread T0
``` |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30937 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02792 |
| published_at |
2026-04-09T12:55:00Z |
|
| 1 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02773 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.0277 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02764 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02749 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.04002 |
| published_at |
2026-04-26T12:55:00Z |
|
| 6 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.03919 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.03902 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.03875 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.03854 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.03864 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.03984 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.03996 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30937 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-30937, GHSA-qpg4-j99f-8xcg
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2zje-ag2v-7kac |
|
| 2 |
| url |
VCID-54da-fzyt-4ud2 |
| vulnerability_id |
VCID-54da-fzyt-4ud2 |
| summary |
ImageMagick has stack write buffer overflow in MNG encoder
A stack buffer overflow vulnerability exists in the MNG encoder. A missing bounds check could corrupt the stack with attacker-controlled data.
```
==2265506==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffec4971310 at pc 0x55e671b8a072 bp 0x7ffec4970f70 sp 0x7ffec4970f68
WRITE of size 1 at 0x7ffec4971310 thread T0
``` |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-28690 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.02324 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.02321 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.02326 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.02346 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.02316 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.02837 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.02924 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.02937 |
| published_at |
2026-04-24T12:55:00Z |
|
| 8 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.02943 |
| published_at |
2026-04-21T12:55:00Z |
|
| 9 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.02826 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.02817 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.02832 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.02856 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-28690 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-28690, GHSA-7h7q-j33q-hvpf
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-54da-fzyt-4ud2 |
|
| 3 |
| url |
VCID-6h7x-3rue-kucp |
| vulnerability_id |
VCID-6h7x-3rue-kucp |
| summary |
ImageMagick has a heap buffer over-read via 32-bit integer overflow in MAT decoder
The MAT decoder uses 32-bit arithmetic due to incorrect parenthesization, resulting in a heap over-read.
```
=================================================================
==969652==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x506000003b40 at pc 0x555557b2a926 bp 0x7fffffff4c80 sp 0x7fffffff4c70
READ of size 8 at 0x506000003b40 thread T0
``` |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-28692 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05647 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05608 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05673 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05611 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05574 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.06139 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.06291 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.06264 |
| published_at |
2026-04-24T12:55:00Z |
|
| 8 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.06248 |
| published_at |
2026-04-21T12:55:00Z |
|
| 9 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.061 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.06089 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.06128 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.06135 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-28692 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-28692, GHSA-mrmj-x24c-wwcv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6h7x-3rue-kucp |
|
| 4 |
| url |
VCID-bw4q-dt1r-y3e4 |
| vulnerability_id |
VCID-bw4q-dt1r-y3e4 |
| summary |
ImageMagick has heap-based buffer overflow in UHDR encoder
A heap-based buffer overflow in the UHDR encoder can occur due to truncation of a value, allowing an out-of-bounds write.
```
================================================================
==2158399==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x521000039500 at pc 0x562a4a42f968 bp 0x7ffcca4ed6c0 sp 0x7ffcca4ed6b0
WRITE of size 1 at 0x521000039500 thread T0
``` |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30931 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.02791 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.02787 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.02779 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.02811 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.02764 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.03928 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.04026 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.04019 |
| published_at |
2026-04-24T12:55:00Z |
|
| 8 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.04009 |
| published_at |
2026-04-21T12:55:00Z |
|
| 9 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.03889 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.03878 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.03899 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.03945 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30931 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-30931, GHSA-h95r-c8c7-mrwx
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bw4q-dt1r-y3e4 |
|
| 5 |
| url |
VCID-cuhw-ew1g-s3h2 |
| vulnerability_id |
VCID-cuhw-ew1g-s3h2 |
| summary |
ImageMagick has Heap Use-After-Free in ImageMagick MSL decoder
A heap use-after-free vulnerability in ImageMagick's MSL decoder allows an attacker to trigger access to freed memory by crafting an MSL file.
```
=================================================================
==1500633==ERROR: AddressSanitizer: heap-use-after-free on address 0x527000011550 at pc 0x5612583fa212 bp 0x7ffedb86d160 sp 0x7ffedb86d150
READ of size 8 at 0x527000011550 thread T0
``` |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-28687 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00054 |
| scoring_system |
epss |
| scoring_elements |
0.16984 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.00054 |
| scoring_system |
epss |
| scoring_elements |
0.16896 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.00054 |
| scoring_system |
epss |
| scoring_elements |
0.17114 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00054 |
| scoring_system |
epss |
| scoring_elements |
0.17042 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00054 |
| scoring_system |
epss |
| scoring_elements |
0.17059 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00059 |
| scoring_system |
epss |
| scoring_elements |
0.18472 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00059 |
| scoring_system |
epss |
| scoring_elements |
0.18288 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.00059 |
| scoring_system |
epss |
| scoring_elements |
0.18302 |
| published_at |
2026-04-24T12:55:00Z |
|
| 8 |
| value |
0.00059 |
| scoring_system |
epss |
| scoring_elements |
0.18402 |
| published_at |
2026-04-21T12:55:00Z |
|
| 9 |
| value |
0.00059 |
| scoring_system |
epss |
| scoring_elements |
0.18377 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00059 |
| scoring_system |
epss |
| scoring_elements |
0.18365 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00059 |
| scoring_system |
epss |
| scoring_elements |
0.18421 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00059 |
| scoring_system |
epss |
| scoring_elements |
0.1852 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-28687 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-28687, GHSA-fpvf-frm6-625q
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cuhw-ew1g-s3h2 |
|
| 6 |
| url |
VCID-dabd-m3mf-3ker |
| vulnerability_id |
VCID-dabd-m3mf-3ker |
| summary |
ImageMagick has Heap Buffer Over-Read in BilateralBlurImage
BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the `-bilateral-blur` operation, an out-of-bounds read can occur.
```
=================================================================
==676172==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x50a0000079c0 at pc 0x57b483c722f7 bp 0x7fffc0acd380 sp 0x7fffc0acd370
READ of size 4 at 0x50a0000079c0 thread T0
``` |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30935 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02421 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02416 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02417 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02441 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02407 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.02954 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03039 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03051 |
| published_at |
2026-04-24T12:55:00Z |
|
| 8 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03052 |
| published_at |
2026-04-21T12:55:00Z |
|
| 9 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.02931 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.02921 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.02945 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.02977 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30935 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-30935, GHSA-cqw9-w2m7-r2m2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dabd-m3mf-3ker |
|
| 7 |
| url |
VCID-g41y-dv8u-3yf1 |
| vulnerability_id |
VCID-g41y-dv8u-3yf1 |
| summary |
ImageMagick has Heap Buffer Overflow in WaveletDenoiseImage
A crafted image could cause an out-of-bounds heap write inside the WaveletDenoiseImage method. When processing a crafted image with the `-wavelet-denoise` operation, an out-of-bounds write can occur.
```
=================================================================
==661320==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x503000002754 at pc 0x5ff45f82c92a bp 0x7fffb732b400 sp 0x7fffb732b3f0
WRITE of size 4 at 0x503000002754 thread T0
``` |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30936 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00018 |
| scoring_system |
epss |
| scoring_elements |
0.04412 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.00018 |
| scoring_system |
epss |
| scoring_elements |
0.04378 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.00018 |
| scoring_system |
epss |
| scoring_elements |
0.04368 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00018 |
| scoring_system |
epss |
| scoring_elements |
0.04429 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00018 |
| scoring_system |
epss |
| scoring_elements |
0.04346 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.05114 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.05273 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.05231 |
| published_at |
2026-04-24T12:55:00Z |
|
| 8 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.052 |
| published_at |
2026-04-21T12:55:00Z |
|
| 9 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.05052 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.05047 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.05099 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.0513 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30936 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-30936, GHSA-5ggv-92r5-cp4p
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g41y-dv8u-3yf1 |
|
| 8 |
| url |
VCID-g679-q851-xub7 |
| vulnerability_id |
VCID-g679-q851-xub7 |
| summary |
ImageMagick: stack-based buffer overflow in sixel encoder |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-32259 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.04109 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.04189 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.04127 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.04143 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.04175 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.04169 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.04151 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.0479 |
| published_at |
2026-04-16T12:55:00Z |
|
| 8 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.0498 |
| published_at |
2026-04-24T12:55:00Z |
|
| 9 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.05021 |
| published_at |
2026-04-26T12:55:00Z |
|
| 10 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.04841 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.04944 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.04799 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-32259 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-32259
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
6.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g679-q851-xub7 |
|
| 9 |
| url |
VCID-jc5m-7rvc-2qg6 |
| vulnerability_id |
VCID-jc5m-7rvc-2qg6 |
| summary |
ImageMagick has a heap-buffer-overflow in NewXMLTree which could result in crash
The NewXMLTree method contains a bug that could result in a crash due to an out-of-bounds write of a single zero byte. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-32636 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.04293 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.04277 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.04268 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.04297 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.04318 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.0426 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.04332 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.0434 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.04281 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.04324 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.0517 |
| published_at |
2026-04-26T12:55:00Z |
|
| 11 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.05128 |
| published_at |
2026-04-24T12:55:00Z |
|
| 12 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.05103 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-32636 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-32636, GHSA-gc62-2v5p-qpmp
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jc5m-7rvc-2qg6 |
|
| 10 |
| url |
VCID-n47w-r932-abey |
| vulnerability_id |
VCID-n47w-r932-abey |
| summary |
ImageMagick is vulnerable to Heap Overflow when writing extremely large image profile in the PNG encoder
An extremely large image profile could result in a heap overflow when encoding a PNG image. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30883 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00677 |
| published_at |
2026-04-26T12:55:00Z |
|
| 1 |
| value |
7e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00447 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
7e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00446 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
7e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00439 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
7e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00435 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
7e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00437 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
7e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00642 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
7e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00637 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
7e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00638 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
7e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00631 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
7e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00636 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
7e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00676 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30883 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-30883, GHSA-qmw5-2p58-xvrc
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n47w-r932-abey |
|
| 11 |
| url |
VCID-r3vw-ncns-cqgb |
| vulnerability_id |
VCID-r3vw-ncns-cqgb |
| summary |
ImageMagick is vulnerable to heap buffer over-write on 32-bit systems in SFW decoder
An overflow on 32-bit systems can cause a crash in the SFW decoder when processing extremely large images. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-31853 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02624 |
| published_at |
2026-04-11T12:55:00Z |
|
| 1 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02649 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02629 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02625 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02621 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02606 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03326 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03252 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.0323 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03205 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03215 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03335 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-31853 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-31853, GHSA-56jp-jfqg-f8f4
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r3vw-ncns-cqgb |
|
| 12 |
| url |
VCID-rbdg-vz8x-ykah |
| vulnerability_id |
VCID-rbdg-vz8x-ykah |
| summary |
ImageMagick has heap use-after-free in the MSL encoder
A heap-use-after-free vulnerability exists in the MSL encoder, where a cloned image is destroyed twice. The MSL coder does not support writing MSL so the write capability has been removed.
```
SUMMARY: AddressSanitizer: heap-use-after-free MagickCore/image.c:1195 in DestroyImage
``` |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-28688 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12789 |
| published_at |
2026-04-09T12:55:00Z |
|
| 1 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12806 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12854 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12659 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12738 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13832 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.14015 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13978 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13902 |
| published_at |
2026-04-26T12:55:00Z |
|
| 9 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13897 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13825 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13928 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-28688 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-28688, GHSA-xxw5-m53x-j38c
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rbdg-vz8x-ykah |
|
| 13 |
| url |
VCID-rj9n-ra1t-77dy |
| vulnerability_id |
VCID-rj9n-ra1t-77dy |
| summary |
ImageMagick has stack buffer overflow in MagnifyImage
MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30929 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.02791 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.02787 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.02779 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.02811 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.02764 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.03928 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.04026 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.04019 |
| published_at |
2026-04-24T12:55:00Z |
|
| 8 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.04009 |
| published_at |
2026-04-21T12:55:00Z |
|
| 9 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.03889 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.03878 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.03899 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.03945 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-30929 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-30929, GHSA-rqq8-jh93-f4vg
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rj9n-ra1t-77dy |
|
| 14 |
| url |
VCID-rjkf-pdny-2fhn |
| vulnerability_id |
VCID-rjkf-pdny-2fhn |
| summary |
ImageMagick vulnerable to stack corruption through long morphology kernel names or arrays
A stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings that exceed the buffer size are copied into fixed-size stack buffers via memcpy without bounds checking, resulting in stack corruption. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-28494 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02649 |
| published_at |
2026-04-09T12:55:00Z |
|
| 1 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02629 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02625 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02621 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02606 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03326 |
| published_at |
2026-04-26T12:55:00Z |
|
| 6 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03279 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03252 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.0323 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03205 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03215 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03335 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-28494 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-28494, GHSA-932h-jw47-73jm
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rjkf-pdny-2fhn |
|
| 15 |
| url |
VCID-sw7g-hxxr-n3e1 |
| vulnerability_id |
VCID-sw7g-hxxr-n3e1 |
| summary |
ImageMagick has a Path Policy TOCTOU symlink race bypass
`domain="path"` authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-28689 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00712 |
| published_at |
2026-04-09T12:55:00Z |
|
| 1 |
| value |
8e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00722 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
8e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00723 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
8e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00718 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
8e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00721 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
9e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00953 |
| published_at |
2026-04-26T12:55:00Z |
|
| 6 |
| value |
9e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00896 |
| published_at |
2026-04-18T12:55:00Z |
|
| 7 |
| value |
9e-05 |
| scoring_system |
epss |
| scoring_elements |
0.0089 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
9e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00892 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
9e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00889 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
9e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00945 |
| published_at |
2026-04-21T12:55:00Z |
|
| 11 |
| value |
9e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00949 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-28689 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-28689, GHSA-493f-jh8w-qhx3
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sw7g-hxxr-n3e1 |
|
| 16 |
| url |
VCID-x8c6-9pse-xkc8 |
| vulnerability_id |
VCID-x8c6-9pse-xkc8 |
| summary |
ImageMagick: Integer overflow in DIB coder can result in out of bounds read or write
An integer overflow in the DIB coder can result in an out-of-bounds read or write. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-28693 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00059 |
| scoring_system |
epss |
| scoring_elements |
0.18595 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.00059 |
| scoring_system |
epss |
| scoring_elements |
0.18515 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.00059 |
| scoring_system |
epss |
| scoring_elements |
0.18798 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00059 |
| scoring_system |
epss |
| scoring_elements |
0.18648 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00059 |
| scoring_system |
epss |
| scoring_elements |
0.18744 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00065 |
| scoring_system |
epss |
| scoring_elements |
0.20102 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00065 |
| scoring_system |
epss |
| scoring_elements |
0.19914 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.00065 |
| scoring_system |
epss |
| scoring_elements |
0.19919 |
| published_at |
2026-04-24T12:55:00Z |
|
| 8 |
| value |
0.00065 |
| scoring_system |
epss |
| scoring_elements |
0.20029 |
| published_at |
2026-04-21T12:55:00Z |
|
| 9 |
| value |
0.00065 |
| scoring_system |
epss |
| scoring_elements |
0.2003 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00065 |
| scoring_system |
epss |
| scoring_elements |
0.20026 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00065 |
| scoring_system |
epss |
| scoring_elements |
0.20044 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00065 |
| scoring_system |
epss |
| scoring_elements |
0.20148 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-28693 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-28693, GHSA-hffp-q43q-qq76
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x8c6-9pse-xkc8 |
|
| 17 |
| url |
VCID-y58b-be93-hbfd |
| vulnerability_id |
VCID-y58b-be93-hbfd |
| summary |
ImageMagick: Write heap-buffer-overflow in PCL encoder via undersized output buffer
A heap-buffer-overflow vulnerability exists in the PCL encoder due to an undersized output buffer allocation.
```
WRITE of size 1 at 0x7e79f91f31a0 thread T0
``` |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-28686 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.04143 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.04189 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.04175 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.04127 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.04109 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.04881 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.05021 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.0498 |
| published_at |
2026-04-24T12:55:00Z |
|
| 8 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.04944 |
| published_at |
2026-04-21T12:55:00Z |
|
| 9 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.04799 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.0479 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.04841 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.04861 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-28686 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-28686, GHSA-467j-76j7-5885
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-y58b-be93-hbfd |
|
| 18 |
| url |
VCID-zpcy-nms7-kuha |
| vulnerability_id |
VCID-zpcy-nms7-kuha |
| summary |
ImageMagick has Integer Overflow leading to out of bounds write in SIXEL decoder
An integer overflow vulnerability exists in the SIXEL decoder. The vulnerability allows an attacker to perform an out-of-bounds write via a specially crafted image. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-28493 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17414 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17322 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17474 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17542 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17495 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.0006 |
| scoring_system |
epss |
| scoring_elements |
0.18975 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.0006 |
| scoring_system |
epss |
| scoring_elements |
0.18725 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.0006 |
| scoring_system |
epss |
| scoring_elements |
0.18746 |
| published_at |
2026-04-24T12:55:00Z |
|
| 8 |
| value |
0.0006 |
| scoring_system |
epss |
| scoring_elements |
0.18858 |
| published_at |
2026-04-21T12:55:00Z |
|
| 9 |
| value |
0.0006 |
| scoring_system |
epss |
| scoring_elements |
0.18843 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.0006 |
| scoring_system |
epss |
| scoring_elements |
0.1883 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.0006 |
| scoring_system |
epss |
| scoring_elements |
0.18877 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.0006 |
| scoring_system |
epss |
| scoring_elements |
0.18928 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-28493 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-28493, GHSA-r39q-jr8h-gcq2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zpcy-nms7-kuha |
|