Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/74576?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/74576?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.10.4", "type": "nuget", "namespace": "", "name": "magick.net-q8-openmp-x64", "version": "14.10.4", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50890?format=api", "vulnerability_id": "VCID-9fpb-ch9j-8yg3", "summary": "ImageMagick has Heap Use-After-Free in ImageMagick MSL decoder\nA heap use-after-free vulnerability in ImageMagick's MSL decoder allows an attacker to trigger access to freed memory by crafting an MSL file.\n\n```\n=================================================================\n==1500633==ERROR: AddressSanitizer: heap-use-after-free on address 0x527000011550 at pc 0x5612583fa212 bp 0x7ffedb86d160 sp 0x7ffedb86d150\nREAD of size 8 at 0x527000011550 thread T0\n```", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28687.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28687.json" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445897", "reference_id": "2445897", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445897" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28687", "reference_id": "CVE-2026-28687", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28687" }, { "reference_url": "https://github.com/advisories/GHSA-fpvf-frm6-625q", "reference_id": "GHSA-fpvf-frm6-625q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fpvf-frm6-625q" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fpvf-frm6-625q", "reference_id": "GHSA-fpvf-frm6-625q", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fpvf-frm6-625q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74576?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.10.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.10.4" } ], "aliases": [ "CVE-2026-28687", "GHSA-fpvf-frm6-625q" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9fpb-ch9j-8yg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50892?format=api", "vulnerability_id": "VCID-e59v-wtp4-v7ev", "summary": "ImageMagick: Write heap-buffer-overflow in PCL encoder via undersized output buffer\nA heap-buffer-overflow vulnerability exists in the PCL encode due to an undersized output buffer allocation.\n\n```\nWRITE of size 1 at 0x7e79f91f31a0 thread T0\n```", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28686.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28686.json" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445889", "reference_id": "2445889", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445889" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28686", "reference_id": "CVE-2026-28686", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28686" }, { "reference_url": "https://github.com/advisories/GHSA-467j-76j7-5885", "reference_id": "GHSA-467j-76j7-5885", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-467j-76j7-5885" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-467j-76j7-5885", "reference_id": "GHSA-467j-76j7-5885", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-467j-76j7-5885" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74576?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.10.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.10.4" } ], "aliases": [ "CVE-2026-28686", "GHSA-467j-76j7-5885" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e59v-wtp4-v7ev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50786?format=api", "vulnerability_id": "VCID-j589-992a-jfa7", "summary": "ImageMagick has a Path Policy TOCTOU symlink race bypass\n`domain=\"path\"` authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28689.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28689.json" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445891", "reference_id": "2445891", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445891" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28689", "reference_id": "CVE-2026-28689", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28689" }, { "reference_url": "https://github.com/advisories/GHSA-493f-jh8w-qhx3", "reference_id": "GHSA-493f-jh8w-qhx3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-493f-jh8w-qhx3" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-493f-jh8w-qhx3", "reference_id": "GHSA-493f-jh8w-qhx3", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-493f-jh8w-qhx3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74576?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.10.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.10.4" } ], "aliases": [ "CVE-2026-28689", "GHSA-493f-jh8w-qhx3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j589-992a-jfa7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50908?format=api", "vulnerability_id": "VCID-m8u5-3zy6-zyh8", "summary": "ImageMagick has heap use-after-free in the MSL encoder\nA heap-use-after-free vulnerability exists in the MSL encoder, where a cloned image is destroyed twice. The MSL coder does not support writing MSL so the write capability has been removed.\n\n```\nSUMMARY: AddressSanitizer: heap-use-after-free MagickCore/image.c:1195 in DestroyImage\nShadow bytes around the buggy address:\n0x0a4e80007450: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\n0x0a4e80007460: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\n0x0a4e80007470: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\n0x0a4e80007480: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\n0x0a4e80007490: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\n=>0x0a4e800074a0: fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd\n0x0a4e800074b0: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa\n0x0a4e800074c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n0x0a4e800074d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n0x0a4e800074e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n0x0a4e800074f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n```", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28688.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28688.json" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445877", "reference_id": "2445877", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445877" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28688", "reference_id": "CVE-2026-28688", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28688" }, { "reference_url": "https://github.com/advisories/GHSA-xxw5-m53x-j38c", "reference_id": "GHSA-xxw5-m53x-j38c", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xxw5-m53x-j38c" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xxw5-m53x-j38c", "reference_id": "GHSA-xxw5-m53x-j38c", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xxw5-m53x-j38c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74576?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.10.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.10.4" } ], "aliases": [ "CVE-2026-28688", "GHSA-xxw5-m53x-j38c" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m8u5-3zy6-zyh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50785?format=api", "vulnerability_id": "VCID-nfr9-r9x3-4ugt", "summary": "ImageMagick has a heap buffer over-read via 32-bit integer overflow in MAT decoder\nIn MAT decoder uses 32-bit arithmetic due to incorrect parenthesization resulting in a heap over-read.\n\n```\n=================================================================\n==969652==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x506000003b40 at pc 0x555557b2a926 bp 0x7fffffff4c80 sp 0x7fffffff4c70\nREAD of size 8 at 0x506000003b40 thread T0\n```", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28692.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28692.json" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445890", "reference_id": "2445890", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445890" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28692", "reference_id": "CVE-2026-28692", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28692" }, { "reference_url": "https://github.com/advisories/GHSA-mrmj-x24c-wwcv", "reference_id": "GHSA-mrmj-x24c-wwcv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mrmj-x24c-wwcv" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mrmj-x24c-wwcv", "reference_id": "GHSA-mrmj-x24c-wwcv", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mrmj-x24c-wwcv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74576?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.10.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.10.4" } ], "aliases": [ "CVE-2026-28692", "GHSA-mrmj-x24c-wwcv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nfr9-r9x3-4ugt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50906?format=api", "vulnerability_id": "VCID-nxzm-r956-pbfy", "summary": "ImageMagick has Integer Overflow leading to out of bounds write in SIXEL decoder\nAn integer overflow vulnerability exists in the SIXEL decoer. The vulnerability allows an attacker to perform an out of bounds via a specially crafted mage.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28493.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28493.json" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445883", "reference_id": "2445883", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445883" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28493", "reference_id": "CVE-2026-28493", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28493" }, { "reference_url": "https://github.com/advisories/GHSA-r39q-jr8h-gcq2", "reference_id": "GHSA-r39q-jr8h-gcq2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r39q-jr8h-gcq2" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r39q-jr8h-gcq2", "reference_id": "GHSA-r39q-jr8h-gcq2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r39q-jr8h-gcq2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74576?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.10.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.10.4" } ], "aliases": [ "CVE-2026-28493", "GHSA-r39q-jr8h-gcq2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nxzm-r956-pbfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50881?format=api", "vulnerability_id": "VCID-t7w8-fz8u-zud8", "summary": "ImageMagick has stack buffer overflow in MagnifyImage\nMagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30929.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30929.json" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445896", "reference_id": "2445896", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445896" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30929", "reference_id": "CVE-2026-30929", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30929" }, { "reference_url": "https://github.com/advisories/GHSA-rqq8-jh93-f4vg", "reference_id": "GHSA-rqq8-jh93-f4vg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rqq8-jh93-f4vg" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rqq8-jh93-f4vg", "reference_id": "GHSA-rqq8-jh93-f4vg", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rqq8-jh93-f4vg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74576?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.10.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.10.4" } ], "aliases": [ "CVE-2026-30929", "GHSA-rqq8-jh93-f4vg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t7w8-fz8u-zud8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50787?format=api", "vulnerability_id": "VCID-vk9r-ve4j-w7g2", "summary": "ImageMagick is vulnerable to heap buffer over-write on 32-bit systems in SFW decoder\nAn overflow on 32-bit systems can cause a crash in the SFW decoder when processing extremely large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31853.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31853.json" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446690", "reference_id": "2446690", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446690" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31853", "reference_id": "CVE-2026-31853", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31853" }, { "reference_url": "https://github.com/advisories/GHSA-56jp-jfqg-f8f4", "reference_id": "GHSA-56jp-jfqg-f8f4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-56jp-jfqg-f8f4" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-56jp-jfqg-f8f4", "reference_id": "GHSA-56jp-jfqg-f8f4", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-56jp-jfqg-f8f4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74576?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.10.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.10.4" } ], "aliases": [ "CVE-2026-31853", "GHSA-56jp-jfqg-f8f4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vk9r-ve4j-w7g2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50784?format=api", "vulnerability_id": "VCID-xuxk-mcdm-q3fr", "summary": "ImageMagick is vulnerable to Heap Overflow when writing extremely large image profile in the PNG encoder\nAn extremely large image profile could result in a heap overflow when encoding a PNG image.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30883.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30883.json" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445878", "reference_id": "2445878", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445878" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30883", "reference_id": "CVE-2026-30883", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30883" }, { "reference_url": "https://github.com/advisories/GHSA-qmw5-2p58-xvrc", "reference_id": "GHSA-qmw5-2p58-xvrc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qmw5-2p58-xvrc" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qmw5-2p58-xvrc", "reference_id": "GHSA-qmw5-2p58-xvrc", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qmw5-2p58-xvrc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74576?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.10.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.10.4" } ], "aliases": [ "CVE-2026-30883", "GHSA-qmw5-2p58-xvrc" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xuxk-mcdm-q3fr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50883?format=api", "vulnerability_id": "VCID-zt1v-dckb-gbh3", "summary": "ImageMagick has uninitialized pointer dereference in JBIG decoder\nAn uninitialized pointer dereference vulnerability exists in the JBIG decoder due to a missing check.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28691.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28691.json" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445902", "reference_id": "2445902", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445902" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28691", "reference_id": "CVE-2026-28691", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28691" }, { "reference_url": "https://github.com/advisories/GHSA-wj8w-pjxf-9g4f", "reference_id": "GHSA-wj8w-pjxf-9g4f", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wj8w-pjxf-9g4f" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wj8w-pjxf-9g4f", "reference_id": "GHSA-wj8w-pjxf-9g4f", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wj8w-pjxf-9g4f" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6713", "reference_id": "RHSA-2026:6713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6713" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74576?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.10.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.10.4" } ], "aliases": [ "CVE-2026-28691", "GHSA-wj8w-pjxf-9g4f" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zt1v-dckb-gbh3" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.10.4" }