Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:nuget/Magick.NET-Q16-x86@14.10.4
purl pkg:nuget/Magick.NET-Q16-x86@14.10.4
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (13)
Vulnerability Summary Aliases
VCID-1dkp-eq4m-kuey ImageMagick: Integer overflow in DIB coder can result in out of bounds read or write An integer overflow in DIB coder can result in out of bounds read or write CVE-2026-28693
GHSA-hffp-q43q-qq76
VCID-4hmq-1sx8-skcj ImageMagick has heap buffer overflow in WriteXWDImage due to CARD32 arithmetic overflow in bytes_per_line calculation A 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing a extremely large image an out of bounds heap write can occur. ``` ================================================================= ==741961==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5020000083dc at pc 0x56553b4c4245 bp 0x7ffd9d20fef0 sp 0x7ffd9d20fee0 WRITE of size 1 at 0x5020000083dc thread T0 ``` CVE-2026-30937
GHSA-qpg4-j99f-8xcg
VCID-9fpb-ch9j-8yg3 ImageMagick has Heap Use-After-Free in ImageMagick MSL decoder A heap use-after-free vulnerability in ImageMagick's MSL decoder allows an attacker to trigger access to freed memory by crafting an MSL file. ``` ================================================================= ==1500633==ERROR: AddressSanitizer: heap-use-after-free on address 0x527000011550 at pc 0x5612583fa212 bp 0x7ffedb86d160 sp 0x7ffedb86d150 READ of size 8 at 0x527000011550 thread T0 ``` CVE-2026-28687
GHSA-fpvf-frm6-625q
VCID-cnvc-vfa2-z3fq ImageMagick has Heap Buffer Over-Read in BilateralBlurImage BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the `-bilateral-blur` operation an out of bounds read can occur. ``` ================================================================= ==676172==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x50a0000079c0 at pc 0x57b483c722f7 bp 0x7fffc0acd380 sp 0x7fffc0acd370 READ of size 4 at 0x50a0000079c0 thread T0 ``` CVE-2026-30935
GHSA-cqw9-w2m7-r2m2
VCID-j589-992a-jfa7 ImageMagick has a Path Policy TOCTOU symlink race bypass `domain="path"` authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write. CVE-2026-28689
GHSA-493f-jh8w-qhx3
VCID-m8u5-3zy6-zyh8 ImageMagick has heap use-after-free in the MSL encoder A heap-use-after-free vulnerability exists in the MSL encoder, where a cloned image is destroyed twice. The MSL coder does not support writing MSL so the write capability has been removed. ``` SUMMARY: AddressSanitizer: heap-use-after-free MagickCore/image.c:1195 in DestroyImage Shadow bytes around the buggy address: 0x0a4e80007450: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0a4e80007460: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0a4e80007470: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0a4e80007480: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0a4e80007490: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x0a4e800074a0: fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd 0x0a4e800074b0: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa 0x0a4e800074c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0a4e800074d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0a4e800074e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0a4e800074f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa ``` CVE-2026-28688
GHSA-xxw5-m53x-j38c
VCID-nfr9-r9x3-4ugt ImageMagick has a heap buffer over-read via 32-bit integer overflow in MAT decoder In MAT decoder uses 32-bit arithmetic due to incorrect parenthesization resulting in a heap over-read. ``` ================================================================= ==969652==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x506000003b40 at pc 0x555557b2a926 bp 0x7fffffff4c80 sp 0x7fffffff4c70 READ of size 8 at 0x506000003b40 thread T0 ``` CVE-2026-28692
GHSA-mrmj-x24c-wwcv
VCID-qrsw-ekum-zue2 ImageMagick has heap-based buffer overflow in UHDR encoder A heap-based buffer overflow in the UHDR encoder can happen due to truncation of a value and it would allow an out of bounds write. ``` ================================================================ ==2158399==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x521000039500 at pc 0x562a4a42f968 bp 0x7ffcca4ed6c0 sp 0x7ffcca4ed6b0 WRITE of size 1 at 0x521000039500 thread T0 ``` CVE-2026-30931
GHSA-h95r-c8c7-mrwx
VCID-s9q4-zzzf-e7gt ImageMagick has Heap Buffer Overflow in WaveletDenoiseImage A crafted image could cause an out of bounds heap write inside the WaveletDenoiseImage method. When processing a crafted image with the -wavelet-denoise operation an out of bounds write can occur. ``` ================================================================= ==661320==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x503000002754 at pc 0x5ff45f82c92a bp 0x7fffb732b400 sp 0x7fffb732b3f0 WRITE of size 4 at 0x503000002754 thread T0 ``` CVE-2026-30936
GHSA-5ggv-92r5-cp4p
VCID-vk9r-ve4j-w7g2 ImageMagick is vulnerable to heap buffer over-write on 32-bit systems in SFW decoder An overflow on 32-bit systems can cause a crash in the SFW decoder when processing extremely large images. CVE-2026-31853
GHSA-56jp-jfqg-f8f4
VCID-x1pn-e5ze-tqd2 ImageMagick has stack write buffer overflow in MNG encoder A stack buffer overflow vulnerability exists in the MNG encoder. There is a bounds checks missing that could corrupting the stack with attacker-controlled data. ``` ==2265506==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffec4971310 at pc 0x55e671b8a072 bp 0x7ffec4970f70 sp 0x7ffec4970f68 WRITE of size 1 at 0x7ffec4971310 thread T0 ``` CVE-2026-28690
GHSA-7h7q-j33q-hvpf
VCID-xuxk-mcdm-q3fr ImageMagick is vulnerable to Heap Overflow when writing extremely large image profile in the PNG encoder An extremely large image profile could result in a heap overflow when encoding a PNG image. CVE-2026-30883
GHSA-qmw5-2p58-xvrc
VCID-zt1v-dckb-gbh3 ImageMagick has uninitialized pointer dereference in JBIG decoder An uninitialized pointer dereference vulnerability exists in the JBIG decoder due to a missing check. CVE-2026-28691
GHSA-wj8w-pjxf-9g4f

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-02T04:51:51.468680+00:00 GitLab Importer Fixing VCID-cnvc-vfa2-z3fq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Magick.NET-Q16-x86/CVE-2026-30935.yml 38.6.0
2026-06-02T04:51:50.949968+00:00 GitLab Importer Fixing VCID-1dkp-eq4m-kuey https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Magick.NET-Q16-x86/CVE-2026-28693.yml 38.6.0
2026-06-02T04:51:50.902792+00:00 GitLab Importer Fixing VCID-x1pn-e5ze-tqd2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Magick.NET-Q16-x86/CVE-2026-28690.yml 38.6.0
2026-06-02T04:51:49.296742+00:00 GitLab Importer Fixing VCID-qrsw-ekum-zue2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Magick.NET-Q16-x86/CVE-2026-30931.yml 38.6.0
2026-06-02T04:51:47.782289+00:00 GitLab Importer Fixing VCID-m8u5-3zy6-zyh8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Magick.NET-Q16-x86/CVE-2026-28688.yml 38.6.0
2026-06-02T04:51:47.249528+00:00 GitLab Importer Fixing VCID-4hmq-1sx8-skcj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Magick.NET-Q16-x86/CVE-2026-30937.yml 38.6.0
2026-06-02T04:51:46.554134+00:00 GitLab Importer Fixing VCID-9fpb-ch9j-8yg3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Magick.NET-Q16-x86/CVE-2026-28687.yml 38.6.0
2026-06-02T04:51:46.295735+00:00 GitLab Importer Fixing VCID-s9q4-zzzf-e7gt https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Magick.NET-Q16-x86/CVE-2026-30936.yml 38.6.0
2026-06-02T04:51:42.470850+00:00 GitLab Importer Fixing VCID-zt1v-dckb-gbh3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Magick.NET-Q16-x86/CVE-2026-28691.yml 38.6.0
2026-06-02T04:51:34.812632+00:00 GitLab Importer Fixing VCID-xuxk-mcdm-q3fr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Magick.NET-Q16-x86/CVE-2026-30883.yml 38.6.0
2026-06-02T04:51:30.843872+00:00 GitLab Importer Fixing VCID-vk9r-ve4j-w7g2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Magick.NET-Q16-x86/CVE-2026-31853.yml 38.6.0
2026-06-02T04:51:29.895484+00:00 GitLab Importer Fixing VCID-j589-992a-jfa7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Magick.NET-Q16-x86/CVE-2026-28689.yml 38.6.0
2026-06-02T04:51:28.754052+00:00 GitLab Importer Fixing VCID-nfr9-r9x3-4ugt https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Magick.NET-Q16-x86/CVE-2026-28692.yml 38.6.0