Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/74629?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/74629?format=api", "purl": "pkg:nuget/magick.net-q8-x64@14.10.4", "type": "nuget", "namespace": "", "name": "magick.net-q8-x64", "version": "14.10.4", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50888?format=api", "vulnerability_id": "VCID-4hmq-1sx8-skcj", "summary": "ImageMagick has heap buffer overflow in WriteXWDImage due to CARD32 arithmetic overflow in bytes_per_line calculation\nA 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing a extremely large image an out of bounds heap write can occur.\n\n```\n=================================================================\n==741961==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5020000083dc at pc 0x56553b4c4245 bp 0x7ffd9d20fef0 sp 0x7ffd9d20fee0\nWRITE of size 1 at 0x5020000083dc thread T0\n```", "references": [ { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30937", "reference_id": "CVE-2026-30937", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30937" }, { "reference_url": "https://github.com/advisories/GHSA-qpg4-j99f-8xcg", "reference_id": "GHSA-qpg4-j99f-8xcg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qpg4-j99f-8xcg" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qpg4-j99f-8xcg", "reference_id": "GHSA-qpg4-j99f-8xcg", "reference_type": "", "scores": [], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qpg4-j99f-8xcg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74629?format=api", "purl": "pkg:nuget/magick.net-q8-x64@14.10.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-x64@14.10.4" } ], "aliases": [ "CVE-2026-30937", "GHSA-qpg4-j99f-8xcg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4hmq-1sx8-skcj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50887?format=api", "vulnerability_id": "VCID-cnvc-vfa2-z3fq", "summary": "ImageMagick has Heap Buffer Over-Read in BilateralBlurImage\nBilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the `-bilateral-blur` operation an out of bounds read can occur.\n\n```\n=================================================================\n==676172==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x50a0000079c0 at pc 0x57b483c722f7 bp 0x7fffc0acd380 sp 0x7fffc0acd370\nREAD of size 4 at 0x50a0000079c0 thread T0\n```", "references": [ { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30935", "reference_id": "CVE-2026-30935", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30935" }, { "reference_url": "https://github.com/advisories/GHSA-cqw9-w2m7-r2m2", "reference_id": "GHSA-cqw9-w2m7-r2m2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cqw9-w2m7-r2m2" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cqw9-w2m7-r2m2", "reference_id": "GHSA-cqw9-w2m7-r2m2", "reference_type": "", "scores": [], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cqw9-w2m7-r2m2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74629?format=api", "purl": "pkg:nuget/magick.net-q8-x64@14.10.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-x64@14.10.4" } ], "aliases": [ "CVE-2026-30935", "GHSA-cqw9-w2m7-r2m2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cnvc-vfa2-z3fq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50892?format=api", "vulnerability_id": "VCID-e59v-wtp4-v7ev", "summary": "ImageMagick: Write heap-buffer-overflow in PCL encoder via undersized output buffer\nA heap-buffer-overflow vulnerability exists in the PCL encode due to an undersized output buffer allocation.\n\n```\nWRITE of size 1 at 0x7e79f91f31a0 thread T0\n```", "references": [ { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28686", "reference_id": "CVE-2026-28686", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28686" }, { "reference_url": "https://github.com/advisories/GHSA-467j-76j7-5885", "reference_id": "GHSA-467j-76j7-5885", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-467j-76j7-5885" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-467j-76j7-5885", "reference_id": "GHSA-467j-76j7-5885", "reference_type": "", "scores": [], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-467j-76j7-5885" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74629?format=api", "purl": "pkg:nuget/magick.net-q8-x64@14.10.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-x64@14.10.4" } ], "aliases": [ "CVE-2026-28686", "GHSA-467j-76j7-5885" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e59v-wtp4-v7ev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50786?format=api", "vulnerability_id": "VCID-j589-992a-jfa7", "summary": "ImageMagick has a Path Policy TOCTOU symlink race bypass\n`domain=\"path\"` authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write.", "references": [ { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28689", "reference_id": "CVE-2026-28689", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28689" }, { "reference_url": "https://github.com/advisories/GHSA-493f-jh8w-qhx3", "reference_id": "GHSA-493f-jh8w-qhx3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-493f-jh8w-qhx3" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-493f-jh8w-qhx3", "reference_id": "GHSA-493f-jh8w-qhx3", "reference_type": "", "scores": [], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-493f-jh8w-qhx3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74629?format=api", "purl": "pkg:nuget/magick.net-q8-x64@14.10.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-x64@14.10.4" } ], "aliases": [ "CVE-2026-28689", "GHSA-493f-jh8w-qhx3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j589-992a-jfa7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50908?format=api", "vulnerability_id": "VCID-m8u5-3zy6-zyh8", "summary": "ImageMagick has heap use-after-free in the MSL encoder\nA heap-use-after-free vulnerability exists in the MSL encoder, where a cloned image is destroyed twice. The MSL coder does not support writing MSL so the write capability has been removed.\n\n```\nSUMMARY: AddressSanitizer: heap-use-after-free MagickCore/image.c:1195 in DestroyImage\nShadow bytes around the buggy address:\n0x0a4e80007450: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\n0x0a4e80007460: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\n0x0a4e80007470: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\n0x0a4e80007480: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\n0x0a4e80007490: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\n=>0x0a4e800074a0: fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd\n0x0a4e800074b0: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa\n0x0a4e800074c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n0x0a4e800074d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n0x0a4e800074e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n0x0a4e800074f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n```", "references": [ { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28688", "reference_id": "CVE-2026-28688", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28688" }, { "reference_url": "https://github.com/advisories/GHSA-xxw5-m53x-j38c", "reference_id": "GHSA-xxw5-m53x-j38c", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xxw5-m53x-j38c" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xxw5-m53x-j38c", "reference_id": "GHSA-xxw5-m53x-j38c", "reference_type": "", "scores": [], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xxw5-m53x-j38c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74629?format=api", "purl": "pkg:nuget/magick.net-q8-x64@14.10.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-x64@14.10.4" } ], "aliases": [ "CVE-2026-28688", "GHSA-xxw5-m53x-j38c" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m8u5-3zy6-zyh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50785?format=api", "vulnerability_id": "VCID-nfr9-r9x3-4ugt", "summary": "ImageMagick has a heap buffer over-read via 32-bit integer overflow in MAT decoder\nIn MAT decoder uses 32-bit arithmetic due to incorrect parenthesization resulting in a heap over-read.\n\n```\n=================================================================\n==969652==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x506000003b40 at pc 0x555557b2a926 bp 0x7fffffff4c80 sp 0x7fffffff4c70\nREAD of size 8 at 0x506000003b40 thread T0\n```", "references": [ { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28692", "reference_id": "CVE-2026-28692", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28692" }, { "reference_url": "https://github.com/advisories/GHSA-mrmj-x24c-wwcv", "reference_id": "GHSA-mrmj-x24c-wwcv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mrmj-x24c-wwcv" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mrmj-x24c-wwcv", "reference_id": "GHSA-mrmj-x24c-wwcv", "reference_type": "", "scores": [], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mrmj-x24c-wwcv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74629?format=api", "purl": "pkg:nuget/magick.net-q8-x64@14.10.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-x64@14.10.4" } ], "aliases": [ "CVE-2026-28692", "GHSA-mrmj-x24c-wwcv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nfr9-r9x3-4ugt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50906?format=api", "vulnerability_id": "VCID-nxzm-r956-pbfy", "summary": "ImageMagick has Integer Overflow leading to out of bounds write in SIXEL decoder\nAn integer overflow vulnerability exists in the SIXEL decoer. The vulnerability allows an attacker to perform an out of bounds via a specially crafted mage.", "references": [ { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28493", "reference_id": "CVE-2026-28493", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28493" }, { "reference_url": "https://github.com/advisories/GHSA-r39q-jr8h-gcq2", "reference_id": "GHSA-r39q-jr8h-gcq2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r39q-jr8h-gcq2" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r39q-jr8h-gcq2", "reference_id": "GHSA-r39q-jr8h-gcq2", "reference_type": "", "scores": [], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r39q-jr8h-gcq2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74629?format=api", "purl": "pkg:nuget/magick.net-q8-x64@14.10.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-x64@14.10.4" } ], "aliases": [ "CVE-2026-28493", "GHSA-r39q-jr8h-gcq2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nxzm-r956-pbfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50880?format=api", "vulnerability_id": "VCID-qrsw-ekum-zue2", "summary": "ImageMagick has heap-based buffer overflow in UHDR encoder\nA heap-based buffer overflow in the UHDR encoder can happen due to truncation of a value and it would allow an out of bounds write.\n\n```\n================================================================\n==2158399==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x521000039500 at pc 0x562a4a42f968 bp 0x7ffcca4ed6c0 sp 0x7ffcca4ed6b0\nWRITE of size 1 at 0x521000039500 thread T0\n```", "references": [ { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30931", "reference_id": "CVE-2026-30931", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30931" }, { "reference_url": "https://github.com/advisories/GHSA-h95r-c8c7-mrwx", "reference_id": "GHSA-h95r-c8c7-mrwx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h95r-c8c7-mrwx" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h95r-c8c7-mrwx", "reference_id": "GHSA-h95r-c8c7-mrwx", "reference_type": "", "scores": [], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h95r-c8c7-mrwx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74629?format=api", "purl": "pkg:nuget/magick.net-q8-x64@14.10.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-x64@14.10.4" } ], "aliases": [ "CVE-2026-30931", "GHSA-h95r-c8c7-mrwx" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qrsw-ekum-zue2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50787?format=api", "vulnerability_id": "VCID-vk9r-ve4j-w7g2", "summary": "ImageMagick is vulnerable to heap buffer over-write on 32-bit systems in SFW decoder\nAn overflow on 32-bit systems can cause a crash in the SFW decoder when processing extremely large images.", "references": [ { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31853", "reference_id": "CVE-2026-31853", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31853" }, { "reference_url": "https://github.com/advisories/GHSA-56jp-jfqg-f8f4", "reference_id": "GHSA-56jp-jfqg-f8f4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-56jp-jfqg-f8f4" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-56jp-jfqg-f8f4", "reference_id": "GHSA-56jp-jfqg-f8f4", "reference_type": "", "scores": [], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-56jp-jfqg-f8f4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74629?format=api", "purl": "pkg:nuget/magick.net-q8-x64@14.10.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-x64@14.10.4" } ], "aliases": [ "CVE-2026-31853", "GHSA-56jp-jfqg-f8f4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vk9r-ve4j-w7g2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50913?format=api", "vulnerability_id": "VCID-x1pn-e5ze-tqd2", "summary": "ImageMagick has stack write buffer overflow in MNG encoder\nA stack buffer overflow vulnerability exists in the MNG encoder. There is a bounds checks missing that could corrupting the stack with attacker-controlled data.\n\n```\n==2265506==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffec4971310 at pc 0x55e671b8a072 bp 0x7ffec4970f70 sp 0x7ffec4970f68\nWRITE of size 1 at 0x7ffec4971310 thread T0\n```", "references": [ { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28690", "reference_id": "CVE-2026-28690", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28690" }, { "reference_url": "https://github.com/advisories/GHSA-7h7q-j33q-hvpf", "reference_id": "GHSA-7h7q-j33q-hvpf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7h7q-j33q-hvpf" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7h7q-j33q-hvpf", "reference_id": "GHSA-7h7q-j33q-hvpf", "reference_type": "", "scores": [], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7h7q-j33q-hvpf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74629?format=api", "purl": "pkg:nuget/magick.net-q8-x64@14.10.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-x64@14.10.4" } ], "aliases": [ "CVE-2026-28690", "GHSA-7h7q-j33q-hvpf" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x1pn-e5ze-tqd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50899?format=api", "vulnerability_id": "VCID-x85h-m4tr-ykha", "summary": "ImageMagick vulnerable to stack corruption through long morphology kernel names or arrays\nA stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copied into fixed-size stack buffers via memcpy without bounds checking, resulting in stack corruption.", "references": [ { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28494", "reference_id": "CVE-2026-28494", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28494" }, { "reference_url": "https://github.com/advisories/GHSA-932h-jw47-73jm", "reference_id": "GHSA-932h-jw47-73jm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-932h-jw47-73jm" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-932h-jw47-73jm", "reference_id": "GHSA-932h-jw47-73jm", "reference_type": "", "scores": [], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-932h-jw47-73jm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74629?format=api", "purl": "pkg:nuget/magick.net-q8-x64@14.10.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-x64@14.10.4" } ], "aliases": [ "CVE-2026-28494", "GHSA-932h-jw47-73jm" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x85h-m4tr-ykha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50784?format=api", "vulnerability_id": "VCID-xuxk-mcdm-q3fr", "summary": "ImageMagick is vulnerable to Heap Overflow when writing extremely large image profile in the PNG encoder\nAn extremely large image profile could result in a heap overflow when encoding a PNG image.", "references": [ { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30883", "reference_id": "CVE-2026-30883", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30883" }, { "reference_url": "https://github.com/advisories/GHSA-qmw5-2p58-xvrc", "reference_id": "GHSA-qmw5-2p58-xvrc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qmw5-2p58-xvrc" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qmw5-2p58-xvrc", "reference_id": "GHSA-qmw5-2p58-xvrc", "reference_type": "", "scores": [], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qmw5-2p58-xvrc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74629?format=api", "purl": "pkg:nuget/magick.net-q8-x64@14.10.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-x64@14.10.4" } ], "aliases": [ "CVE-2026-30883", "GHSA-qmw5-2p58-xvrc" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xuxk-mcdm-q3fr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50883?format=api", "vulnerability_id": "VCID-zt1v-dckb-gbh3", "summary": "ImageMagick has uninitialized pointer dereference in JBIG decoder\nAn uninitialized pointer dereference vulnerability exists in the JBIG decoder due to a missing check.", "references": [ { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28691", "reference_id": "CVE-2026-28691", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28691" }, { "reference_url": "https://github.com/advisories/GHSA-wj8w-pjxf-9g4f", "reference_id": "GHSA-wj8w-pjxf-9g4f", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wj8w-pjxf-9g4f" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wj8w-pjxf-9g4f", "reference_id": "GHSA-wj8w-pjxf-9g4f", "reference_type": "", "scores": [], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wj8w-pjxf-9g4f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74629?format=api", "purl": "pkg:nuget/magick.net-q8-x64@14.10.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-x64@14.10.4" } ], "aliases": [ "CVE-2026-28691", "GHSA-wj8w-pjxf-9g4f" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zt1v-dckb-gbh3" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-x64@14.10.4" }