Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/995441?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/995441?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.11.1", "type": "nuget", "namespace": "", "name": "magick.net-q8-openmp-x64", "version": "14.11.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "14.12.0", "latest_non_vulnerable_version": "14.12.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62843?format=api", "vulnerability_id": "VCID-2j96-dnbv-3uhn", "summary": "ImageMagick: ImageMagick: Denial of Service via deeply nested expression in FX parser", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33902.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33902.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33902", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02794", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02789", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33902" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:51:18Z/" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/commit/d3c0a37485314c5ccef72efb18f3847cd53868ba", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:51:18Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/commit/d3c0a37485314c5ccef72efb18f3847cd53868ba" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-f4qm-vj5j-9xpw", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:51:18Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-f4qm-vj5j-9xpw" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33902", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33902" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458040", "reference_id": "2458040", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458040" }, { "reference_url": "https://github.com/advisories/GHSA-f4qm-vj5j-9xpw", "reference_id": "GHSA-f4qm-vj5j-9xpw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f4qm-vj5j-9xpw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1021604?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.12.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.12.0" } ], "aliases": [ "CVE-2026-33902", "GHSA-f4qm-vj5j-9xpw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2j96-dnbv-3uhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62838?format=api", "vulnerability_id": "VCID-44wu-3r97-47b9", "summary": "ImageMagick: Magick.NET: ImageMagick: Denial of Service via heap write overflow in JXL encoder", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40183.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40183.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40183", "reference_id": "", "reference_type": "", "scores": [ { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00236", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40183" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T19:07:54Z/" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/commit/1c7767fc5f822c6edc104c1220d523e96fa20b5a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick/commit/1c7767fc5f822c6edc104c1220d523e96fa20b5a" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T19:07:54Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jvgr-9ph5-m8v4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T19:07:54Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jvgr-9ph5-m8v4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40183", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40183" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458054", "reference_id": "2458054", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458054" }, { "reference_url": "https://github.com/advisories/GHSA-jvgr-9ph5-m8v4", "reference_id": "GHSA-jvgr-9ph5-m8v4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jvgr-9ph5-m8v4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1021604?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.12.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.12.0" } ], "aliases": [ "CVE-2026-40183", "GHSA-jvgr-9ph5-m8v4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-44wu-3r97-47b9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62842?format=api", "vulnerability_id": "VCID-5xqw-b2kv-ckb5", "summary": "ImageMagick: ImageMagick: Denial of service via out-of-bounds read in -sample operation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33905.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33905.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33905", "reference_id": "", "reference_type": "", "scores": [ { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00305", "published_at": "2026-06-06T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00304", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33905" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33905" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:22:18Z/" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/commit/cca607366fb38c2dde019a9088b8415ffba3a835", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:22:18Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/commit/cca607366fb38c2dde019a9088b8415ffba3a835" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:22:18Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pcvx-ph33-r5vv", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:22:18Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pcvx-ph33-r5vv" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33905", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33905" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458055", "reference_id": "2458055", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458055" }, { "reference_url": "https://github.com/advisories/GHSA-pcvx-ph33-r5vv", "reference_id": "GHSA-pcvx-ph33-r5vv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pcvx-ph33-r5vv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1021604?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.12.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.12.0" } ], "aliases": [ "CVE-2026-33905", "GHSA-pcvx-ph33-r5vv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5xqw-b2kv-ckb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89770?format=api", "vulnerability_id": "VCID-9dx7-4ewr-6fat", "summary": "ImageMagick has a heap buffer overflow read in magnify operation via unrecognized magnify:method value\nAn unrecognized magnify:method will result in an out of bounds read in the magnify operation.\n\n```\n==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61a000000b30\nREAD of size 4 at 0x61a000000b30 thread T0\n```", "references": [ { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8vfj-q2cp-5m5j", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8vfj-q2cp-5m5j" }, { "reference_url": "https://github.com/advisories/GHSA-8vfj-q2cp-5m5j", "reference_id": "GHSA-8vfj-q2cp-5m5j", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8vfj-q2cp-5m5j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1021604?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.12.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.12.0" } ], "aliases": [ "GHSA-8vfj-q2cp-5m5j" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9dx7-4ewr-6fat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62837?format=api", "vulnerability_id": "VCID-avs5-2tz8-ebhs", "summary": "ImageMagick: Magick.NET: ImageMagick: Denial of service via heap out-of-bounds write in JP2 encoder", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40310.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40310.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40310", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00375", "published_at": "2026-06-06T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00373", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40310" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:33:34Z/" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/commit/3d653bea2df085c728a1c8f775808e1e9249dff9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:33:34Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/commit/3d653bea2df085c728a1c8f775808e1e9249dff9" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:33:34Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pwg5-6jfc-crvh", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:33:34Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pwg5-6jfc-crvh" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40310", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40310" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134627", "reference_id": "1134627", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134627" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458047", "reference_id": "2458047", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458047" }, { "reference_url": "https://github.com/advisories/GHSA-pwg5-6jfc-crvh", "reference_id": "GHSA-pwg5-6jfc-crvh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pwg5-6jfc-crvh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1021604?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.12.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.12.0" } ], "aliases": [ "CVE-2026-40310", "GHSA-pwg5-6jfc-crvh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-avs5-2tz8-ebhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90347?format=api", "vulnerability_id": "VCID-dskq-pcd4-v7fx", "summary": "ImageMagick has has an off-by-one origin validation in allows out-of-bounds read in morphology processing\nAn incorrect morphology would allow an out of bounds read of a single pixel.\n\n```\n==1200284==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5100000002d0 at pc 0x59e28e60c27a bp 0x7fff047fd8e0 sp 0x7fff047fd8d0\nREAD of size 4 at 0x5100000002d0 thread T0\n```", "references": [ { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q8h3-jv9v-57qx", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q8h3-jv9v-57qx" }, { "reference_url": "https://github.com/advisories/GHSA-q8h3-jv9v-57qx", "reference_id": "GHSA-q8h3-jv9v-57qx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-q8h3-jv9v-57qx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1021604?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.12.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.12.0" } ], "aliases": [ "GHSA-q8h3-jv9v-57qx" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dskq-pcd4-v7fx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90345?format=api", "vulnerability_id": "VCID-ea8n-71s6-nbfq", "summary": "ImageMagick has a memory leak in PNG encoder when writing a MNG image\nWhen the PNG encoder fails to write an MNG image it can leak memory.", "references": [ { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-x928-4434-crqj", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-x928-4434-crqj" }, { "reference_url": "https://github.com/advisories/GHSA-x928-4434-crqj", "reference_id": "GHSA-x928-4434-crqj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-x928-4434-crqj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1021604?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.12.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.12.0" } ], "aliases": [ "GHSA-x928-4434-crqj" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ea8n-71s6-nbfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62839?format=api", "vulnerability_id": "VCID-mqpc-y7da-9uh9", "summary": "ImageMagick: Magick.NET: ImageMagick: Denial of Service via crafted image leading to out-of-bounds write", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40169.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40169.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40169", "reference_id": "", "reference_type": "", "scores": [ { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00291", "published_at": "2026-06-06T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.0029", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40169" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:52:23Z/" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/commit/f86452a8aea37bf2b4bd36127f836dcc5f138b38", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:52:23Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/commit/f86452a8aea37bf2b4bd36127f836dcc5f138b38" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:52:23Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5592-p365-24xh", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:52:23Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5592-p365-24xh" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40169", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40169" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458042", "reference_id": "2458042", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458042" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1021604?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.12.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.12.0" } ], "aliases": [ "CVE-2026-40169", "GHSA-5592-p365-24xh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mqpc-y7da-9uh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89197?format=api", "vulnerability_id": "VCID-pr3f-pq54-dkd5", "summary": "ImageMagick has a heap-buffer-overflow in FTXT encoder\nThe FTXT encoder lacks a boundary check when parsing `ftxt:format`, resulting in an out of bounds read.\n\n```\n==3040863==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5020000085b2 at pc 0x606c1ee0c6ce bp 0x7ffee30d6150 sp 0x7ffee30d6148\nREAD of size 1 at 0x5020000085b2 thread T0\n```", "references": [ { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-w54j-7wpm-crhj", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-w54j-7wpm-crhj" }, { "reference_url": "https://github.com/advisories/GHSA-w54j-7wpm-crhj", "reference_id": "GHSA-w54j-7wpm-crhj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-w54j-7wpm-crhj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1021604?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.12.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.12.0" } ], "aliases": [ "GHSA-w54j-7wpm-crhj" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pr3f-pq54-dkd5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62841?format=api", "vulnerability_id": "VCID-s3ws-rhp3-a7gj", "summary": "ImageMagick: Magick.NET: ImageMagick: Denial of Service via deeply nested XML file processing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33908.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33908.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33908", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05773", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05782", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33908", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33908" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:29:51Z/" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/commit/ccdc01180276aa2cb3d4a32a611aa4f417061cd8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:29:51Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/commit/ccdc01180276aa2cb3d4a32a611aa4f417061cd8" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:29:51Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwvm-ggf6-2p4x", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:29:51Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwvm-ggf6-2p4x" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33908", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33908" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458041", "reference_id": "2458041", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458041" }, { "reference_url": "https://github.com/advisories/GHSA-fwvm-ggf6-2p4x", "reference_id": "GHSA-fwvm-ggf6-2p4x", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fwvm-ggf6-2p4x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1021604?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.12.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.12.0" } ], "aliases": [ "CVE-2026-33908", "GHSA-fwvm-ggf6-2p4x" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s3ws-rhp3-a7gj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62846?format=api", "vulnerability_id": "VCID-s8sd-nz2r-y3c7", "summary": "ImageMagick: Magick.NET: ImageMagick: Denial of Service via out-of-bounds write in XML parsing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33899.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33899.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33899", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05349", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05369", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33899" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:22:04Z/" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/commit/ae679e2fd19ec656bfab9f822ae4cf06bf91604d", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:22:04Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/commit/ae679e2fd19ec656bfab9f822ae4cf06bf91604d" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:22:04Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cr67-pvmx-2pp2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:22:04Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cr67-pvmx-2pp2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33899", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33899" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458026", "reference_id": "2458026", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458026" }, { "reference_url": "https://github.com/advisories/GHSA-cr67-pvmx-2pp2", "reference_id": "GHSA-cr67-pvmx-2pp2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cr67-pvmx-2pp2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1021604?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.12.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.12.0" } ], "aliases": [ "CVE-2026-33899", "GHSA-cr67-pvmx-2pp2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s8sd-nz2r-y3c7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89855?format=api", "vulnerability_id": "VCID-tv7n-7xa2-8uba", "summary": "ImageMagick has has a stack-buffer-overflow in MNG encoder with oversized pallete\nThe patch for GHSA-7h7q-j33q-hvpf was incomplete and still allows a stack buffer overflow for the multi frame images.", "references": [ { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-98cp-rj9f-6v5g", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-98cp-rj9f-6v5g" }, { "reference_url": "https://github.com/advisories/GHSA-98cp-rj9f-6v5g", "reference_id": "GHSA-98cp-rj9f-6v5g", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-98cp-rj9f-6v5g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1021604?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.12.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.12.0" } ], "aliases": [ "GHSA-98cp-rj9f-6v5g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tv7n-7xa2-8uba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62844?format=api", "vulnerability_id": "VCID-uq5q-t36h-8fcw", "summary": "ImageMagick: Magick.NET: ImageMagick: Denial of Service due to heap buffer overflow in MVG decoder", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33901.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33901.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33901", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05222", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05237", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33901" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33901", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33901" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T13:50:52Z/" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/commit/4c72003e9e54a4ebaa938d239e75f5d285527ebe", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T13:50:52Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/commit/4c72003e9e54a4ebaa938d239e75f5d285527ebe" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-x9h5-r9v2-vcww", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T13:50:52Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-x9h5-r9v2-vcww" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33901", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33901" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458023", "reference_id": "2458023", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458023" }, { "reference_url": "https://github.com/advisories/GHSA-x9h5-r9v2-vcww", "reference_id": "GHSA-x9h5-r9v2-vcww", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-x9h5-r9v2-vcww" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1021604?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.12.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.12.0" } ], "aliases": [ "CVE-2026-33901", "GHSA-x9h5-r9v2-vcww" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uq5q-t36h-8fcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90169?format=api", "vulnerability_id": "VCID-v64w-9gd4-rqhh", "summary": "ImageMagick has out-of-bounds access in ConnectedComponentsImage() via CLI-controlled connected-components:* artifacts\nWhen the `connected-components:*` define specifies an invalid index and out of bound operation will result in an access violation.", "references": [ { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pmpg-6pww-fg6q", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pmpg-6pww-fg6q" }, { "reference_url": "https://github.com/advisories/GHSA-pmpg-6pww-fg6q", "reference_id": "GHSA-pmpg-6pww-fg6q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pmpg-6pww-fg6q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1021604?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.12.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.12.0" } ], "aliases": [ "GHSA-pmpg-6pww-fg6q" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v64w-9gd4-rqhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62835?format=api", "vulnerability_id": "VCID-vt3p-fn5k-7qba", "summary": "ImageMagick: Magick.NET: ImageMagick and Magick.NET: Denial of Service via malicious MSL file processing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40312.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40312.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40312", "reference_id": "", "reference_type": "", "scores": [ { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00232", "published_at": "2026-06-06T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00231", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40312" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T19:06:40Z/" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/commit/2a06c7be3bba3326caf8b7a8d1fa2e0d4b88998d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T19:06:40Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/commit/2a06c7be3bba3326caf8b7a8d1fa2e0d4b88998d" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T19:06:40Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5xg3-585r-9jh5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T19:06:40Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5xg3-585r-9jh5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40312", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40312" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458044", "reference_id": "2458044", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458044" }, { "reference_url": "https://github.com/advisories/GHSA-5xg3-585r-9jh5", "reference_id": "GHSA-5xg3-585r-9jh5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5xg3-585r-9jh5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1021604?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.12.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.12.0" } ], "aliases": [ "CVE-2026-40312", "GHSA-5xg3-585r-9jh5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vt3p-fn5k-7qba" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91574?format=api", "vulnerability_id": "VCID-bc1g-24nb-nuf5", "summary": "ImageMagick: META reader memory leak in the APP1JPEG input path\nImageMagick contains a memory leak in the META reader when processing the `APP1JPEG` input path.", "references": [ { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9r56-3gjq-hqf7", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9r56-3gjq-hqf7" }, { "reference_url": "https://github.com/advisories/GHSA-9r56-3gjq-hqf7", "reference_id": "GHSA-9r56-3gjq-hqf7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9r56-3gjq-hqf7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/995441?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2j96-dnbv-3uhn" }, { "vulnerability": "VCID-44wu-3r97-47b9" }, { "vulnerability": "VCID-5xqw-b2kv-ckb5" }, { "vulnerability": "VCID-9dx7-4ewr-6fat" }, { "vulnerability": "VCID-avs5-2tz8-ebhs" }, { "vulnerability": "VCID-dskq-pcd4-v7fx" }, { "vulnerability": "VCID-ea8n-71s6-nbfq" }, { "vulnerability": "VCID-mqpc-y7da-9uh9" }, { "vulnerability": "VCID-pr3f-pq54-dkd5" }, { "vulnerability": "VCID-s3ws-rhp3-a7gj" }, { "vulnerability": "VCID-s8sd-nz2r-y3c7" }, { "vulnerability": "VCID-tv7n-7xa2-8uba" }, { "vulnerability": "VCID-uq5q-t36h-8fcw" }, { "vulnerability": "VCID-v64w-9gd4-rqhh" }, { "vulnerability": "VCID-vt3p-fn5k-7qba" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.11.1" } ], "aliases": [ "GHSA-9r56-3gjq-hqf7" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bc1g-24nb-nuf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64215?format=api", "vulnerability_id": "VCID-cm5s-vwdd-8ua3", "summary": "ImageMagick: ImageMagick: Denial of Service via out-of-bounds write", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33536.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33536.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33536", "reference_id": "", "reference_type": "", "scores": [ { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00578", "published_at": "2026-06-06T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00577", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33536" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33536", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33536" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8793-7xv6-82cf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:44:35Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8793-7xv6-82cf" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33536", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33536" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451849", "reference_id": "2451849", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451849" }, { "reference_url": "https://github.com/advisories/GHSA-8793-7xv6-82cf", "reference_id": "GHSA-8793-7xv6-82cf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8793-7xv6-82cf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/995441?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2j96-dnbv-3uhn" }, { "vulnerability": "VCID-44wu-3r97-47b9" }, { "vulnerability": "VCID-5xqw-b2kv-ckb5" }, { "vulnerability": "VCID-9dx7-4ewr-6fat" }, { "vulnerability": "VCID-avs5-2tz8-ebhs" }, { "vulnerability": "VCID-dskq-pcd4-v7fx" }, { "vulnerability": "VCID-ea8n-71s6-nbfq" }, { "vulnerability": "VCID-mqpc-y7da-9uh9" }, { "vulnerability": "VCID-pr3f-pq54-dkd5" }, { "vulnerability": "VCID-s3ws-rhp3-a7gj" }, { "vulnerability": "VCID-s8sd-nz2r-y3c7" }, { "vulnerability": "VCID-tv7n-7xa2-8uba" }, { "vulnerability": "VCID-uq5q-t36h-8fcw" }, { "vulnerability": "VCID-v64w-9gd4-rqhh" }, { "vulnerability": "VCID-vt3p-fn5k-7qba" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.11.1" } ], "aliases": [ "CVE-2026-33536", "GHSA-8793-7xv6-82cf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cm5s-vwdd-8ua3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64216?format=api", "vulnerability_id": "VCID-fwfe-gcte-kyh3", "summary": "ImageMagick: ImageMagick: Denial of Service via out-of-bounds write in X11 display interaction path", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33535.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33535.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33535", "reference_id": "", "reference_type": "", "scores": [ { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00496", "published_at": "2026-06-06T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00494", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33535" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33535", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33535" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mw3m-pqr2-qv7c", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T19:52:50Z/" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mw3m-pqr2-qv7c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33535", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33535" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451855", "reference_id": "2451855", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451855" }, { "reference_url": "https://github.com/advisories/GHSA-mw3m-pqr2-qv7c", "reference_id": "GHSA-mw3m-pqr2-qv7c", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mw3m-pqr2-qv7c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/995441?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2j96-dnbv-3uhn" }, { "vulnerability": "VCID-44wu-3r97-47b9" }, { "vulnerability": "VCID-5xqw-b2kv-ckb5" }, { "vulnerability": "VCID-9dx7-4ewr-6fat" }, { "vulnerability": "VCID-avs5-2tz8-ebhs" }, { "vulnerability": "VCID-dskq-pcd4-v7fx" }, { "vulnerability": "VCID-ea8n-71s6-nbfq" }, { "vulnerability": "VCID-mqpc-y7da-9uh9" }, { "vulnerability": "VCID-pr3f-pq54-dkd5" }, { "vulnerability": "VCID-s3ws-rhp3-a7gj" }, { "vulnerability": "VCID-s8sd-nz2r-y3c7" }, { "vulnerability": "VCID-tv7n-7xa2-8uba" }, { "vulnerability": "VCID-uq5q-t36h-8fcw" }, { "vulnerability": "VCID-v64w-9gd4-rqhh" }, { "vulnerability": "VCID-vt3p-fn5k-7qba" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.11.1" } ], "aliases": [ "CVE-2026-33535", "GHSA-mw3m-pqr2-qv7c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fwfe-gcte-kyh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91173?format=api", "vulnerability_id": "VCID-p3sj-h4qf-rkhp", "summary": "ImageMagick has possible memory leak in ASHLAR coder when action fails\nThe ASHLAR coder leaks a temporary image when an action fails and that could result to an out of memory.", "references": [ { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6p22-q7w5-33pg", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6p22-q7w5-33pg" }, { "reference_url": "https://github.com/advisories/GHSA-6p22-q7w5-33pg", "reference_id": "GHSA-6p22-q7w5-33pg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6p22-q7w5-33pg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/995441?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2j96-dnbv-3uhn" }, { "vulnerability": "VCID-44wu-3r97-47b9" }, { "vulnerability": "VCID-5xqw-b2kv-ckb5" }, { "vulnerability": "VCID-9dx7-4ewr-6fat" }, { "vulnerability": "VCID-avs5-2tz8-ebhs" }, { "vulnerability": "VCID-dskq-pcd4-v7fx" }, { "vulnerability": "VCID-ea8n-71s6-nbfq" }, { "vulnerability": "VCID-mqpc-y7da-9uh9" }, { "vulnerability": "VCID-pr3f-pq54-dkd5" }, { "vulnerability": "VCID-s3ws-rhp3-a7gj" }, { "vulnerability": "VCID-s8sd-nz2r-y3c7" }, { "vulnerability": "VCID-tv7n-7xa2-8uba" }, { "vulnerability": "VCID-uq5q-t36h-8fcw" }, { "vulnerability": "VCID-v64w-9gd4-rqhh" }, { "vulnerability": "VCID-vt3p-fn5k-7qba" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.11.1" } ], "aliases": [ "GHSA-6p22-q7w5-33pg" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p3sj-h4qf-rkhp" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.11.1" }