Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/50328?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50328?format=api", "vulnerability_id": "VCID-1hrc-y5vr-efgj", "summary": "ImageMagick: Infinite loop vulnerability when parsing a PCD file\nWhen a PCD file does not contain a valid marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service.", "aliases": [ { "alias": "CVE-2026-24485" }, { "alias": "GHSA-pqgj-2p96-rx85" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74226?format=api", "purl": "pkg:nuget/magick.net-q16-anycpu@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q16-anycpu@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74207?format=api", "purl": "pkg:nuget/Magick.NET-Q16-arm64@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-arm64@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74211?format=api", "purl": "pkg:nuget/magick.net-q16-hdri-anycpu@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q16-hdri-anycpu@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74217?format=api", "purl": "pkg:nuget/Magick.NET-Q16-HDRI-arm64@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-arm64@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74219?format=api", "purl": "pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-arm64@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-arm64@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74206?format=api", "purl": "pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74213?format=api", "purl": "pkg:nuget/Magick.NET-Q16-HDRI-x64@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-x64@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74221?format=api", "purl": "pkg:nuget/Magick.NET-Q16-HDRI-x86@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-x86@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74209?format=api", "purl": "pkg:nuget/Magick.NET-Q16-OpenMP-arm64@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-OpenMP-arm64@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74215?format=api", "purl": "pkg:nuget/Magick.NET-Q16-OpenMP-x64@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-OpenMP-x64@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74220?format=api", "purl": "pkg:nuget/Magick.NET-Q16-OpenMP-x86@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-OpenMP-x86@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74224?format=api", "purl": "pkg:nuget/magick.net-q16-x64@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q16-x64@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74218?format=api", "purl": "pkg:nuget/Magick.NET-Q16-x86@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-x86@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74223?format=api", "purl": "pkg:nuget/magick.net-q8-anycpu@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-anycpu@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74212?format=api", "purl": "pkg:nuget/Magick.NET-Q8-arm64@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q8-arm64@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74225?format=api", "purl": "pkg:nuget/Magick.NET-Q8-OpenMP-arm64@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q8-OpenMP-arm64@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74208?format=api", "purl": "pkg:nuget/magick.net-q8-openmp-x64@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74216?format=api", "purl": "pkg:nuget/magick.net-q8-x64@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-x64@14.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74214?format=api", "purl": "pkg:nuget/Magick.NET-Q8-x86@14.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q8-x86@14.10.3" } ], "affected_packages": [], "references": [ { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ImageMagick/ImageMagick" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/commit/332c1566acc2de77857032d3c2504ead6210ff50", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ImageMagick/ImageMagick/commit/332c1566acc2de77857032d3c2504ead6210ff50" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24485", "reference_id": "CVE-2026-24485", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24485" }, { "reference_url": "https://github.com/advisories/GHSA-pqgj-2p96-rx85", "reference_id": "GHSA-pqgj-2p96-rx85", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pqgj-2p96-rx85" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pqgj-2p96-rx85", "reference_id": "GHSA-pqgj-2p96-rx85", "reference_type": "", "scores": [], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pqgj-2p96-rx85" } ], "weaknesses": [ { "cwe_id": 400, "name": "Uncontrolled Resource Consumption", "description": "The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1hrc-y5vr-efgj" }