Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/50321?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50321?format=api", "vulnerability_id": "VCID-ndur-uewc-aucm", "summary": "ImageMagick: Code Injection via PostScript header in ps coders\nThe ps encoders, responsible for writing PostScript files, fails to sanitize the input before writing it into the PostScript header. An attacker can provide a malicious file and inject arbitrary PostScript code. When the resulting file is processed by a printer or a viewer (like Ghostscript), the injected code is interpreted and executed.\n\nThe html encoder does not properly escape strings that are written to in the html document. An attacker can provide a malicious file and injection arbitrary html code.", "aliases": [ { "alias": "CVE-2026-25797" }, { "alias": "GHSA-rw6c-xp26-225v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/99005?format=api", "purl": "pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.3%2Bdeb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hr11-5edt-5ugu" }, { "vulnerability": "VCID-z5ve-fkb6-8yhs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.3%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99322?format=api", "purl": "pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.3%2Bdeb11u10?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.3%252Bdeb11u10%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99321?format=api", "purl": "pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99003?format=api", "purl": "pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-z5ve-fkb6-8yhs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99324?format=api", "purl": "pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99008?format=api", "purl": "pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u8?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-z5ve-fkb6-8yhs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u8%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99323?format=api", "purl": "pkg:deb/debian/imagemagick@8:7.1.2.15%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.15%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99006?format=api", "purl": "pkg:deb/debian/imagemagick@8:7.1.2.23%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.23%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99007?format=api", "purl": "pkg:deb/debian/imagemagick@8:7.1.2.24%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.24%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/74226?format=api", "purl": "pkg:nuget/magick.net-q16-anycpu@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q16-anycpu@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/111864?format=api", "purl": "pkg:nuget/Magick.NET-Q16-AnyCPU@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-AnyCPU@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74207?format=api", "purl": "pkg:nuget/Magick.NET-Q16-arm64@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-arm64@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74211?format=api", "purl": "pkg:nuget/magick.net-q16-hdri-anycpu@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q16-hdri-anycpu@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/111865?format=api", "purl": "pkg:nuget/Magick.NET-Q16-HDRI-AnyCPU@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-AnyCPU@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74217?format=api", "purl": "pkg:nuget/Magick.NET-Q16-HDRI-arm64@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-arm64@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74219?format=api", "purl": "pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-arm64@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-arm64@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74206?format=api", "purl": "pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74213?format=api", "purl": "pkg:nuget/Magick.NET-Q16-HDRI-x64@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-x64@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74221?format=api", "purl": "pkg:nuget/Magick.NET-Q16-HDRI-x86@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-x86@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74209?format=api", "purl": "pkg:nuget/Magick.NET-Q16-OpenMP-arm64@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-OpenMP-arm64@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74215?format=api", "purl": "pkg:nuget/Magick.NET-Q16-OpenMP-x64@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-OpenMP-x64@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74220?format=api", "purl": "pkg:nuget/Magick.NET-Q16-OpenMP-x86@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-OpenMP-x86@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74218?format=api", "purl": "pkg:nuget/Magick.NET-Q16-x86@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-x86@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74223?format=api", "purl": "pkg:nuget/magick.net-q8-anycpu@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-anycpu@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/111870?format=api", "purl": "pkg:nuget/Magick.NET-Q8-AnyCPU@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q8-AnyCPU@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74212?format=api", "purl": "pkg:nuget/Magick.NET-Q8-arm64@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q8-arm64@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74225?format=api", "purl": "pkg:nuget/Magick.NET-Q8-OpenMP-arm64@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q8-OpenMP-arm64@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74208?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/111875?format=api", "purl": "pkg:nuget/Magick.NET-Q8-OpenMP-x64@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q8-OpenMP-x64@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74216?format=api", "purl": "pkg:nuget/magick.net-q8-x64@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-x64@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/111876?format=api", "purl": "pkg:nuget/Magick.NET-Q8-x64@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q8-x64@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74214?format=api", "purl": "pkg:nuget/Magick.NET-Q8-x86@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q8-x86@14.10.3" } ], "affected_packages": [], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25797.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25797.json" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/commit/26088a83d71e9daa203d54a56fe3c31f3f85463d", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick/commit/26088a83d71e9daa203d54a56fe3c31f3f85463d" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442106", "reference_id": "2442106", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442106" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25797", "reference_id": "CVE-2026-25797", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25797" }, { "reference_url": "https://github.com/advisories/GHSA-rw6c-xp26-225v", "reference_id": "GHSA-rw6c-xp26-225v", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rw6c-xp26-225v" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rw6c-xp26-225v", "reference_id": "GHSA-rw6c-xp26-225v", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rw6c-xp26-225v" } ], "weaknesses": [ { "cwe_id": 94, "name": "Improper Control of Generation of Code ('Code Injection')", "description": "The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ndur-uewc-aucm" }