VulnerableCode Package Details - pkg:nuget/Magick.NET-Q8-x86@14.10.4

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4hmq-1sx8-skcj	ImageMagick has heap buffer overflow in WriteXWDImage due to CARD32 arithmetic overflow in bytes_per_line calculation A 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing a extremely large image an out of bounds heap write can occur. ``` ================================================================= ==741961==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5020000083dc at pc 0x56553b4c4245 bp 0x7ffd9d20fef0 sp 0x7ffd9d20fee0 WRITE of size 1 at 0x5020000083dc thread T0 ```	CVE-2026-30937 GHSA-qpg4-j99f-8xcg
VCID-j589-992a-jfa7	ImageMagick has a Path Policy TOCTOU symlink race bypass `domain="path"` authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write.	CVE-2026-28689 GHSA-493f-jh8w-qhx3
VCID-nfr9-r9x3-4ugt	ImageMagick has a heap buffer over-read via 32-bit integer overflow in MAT decoder In MAT decoder uses 32-bit arithmetic due to incorrect parenthesization resulting in a heap over-read. ``` ================================================================= ==969652==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x506000003b40 at pc 0x555557b2a926 bp 0x7fffffff4c80 sp 0x7fffffff4c70 READ of size 8 at 0x506000003b40 thread T0 ```	CVE-2026-28692 GHSA-mrmj-x24c-wwcv
VCID-nxzm-r956-pbfy	ImageMagick has Integer Overflow leading to out of bounds write in SIXEL decoder An integer overflow vulnerability exists in the SIXEL decoer. The vulnerability allows an attacker to perform an out of bounds via a specially crafted mage.	CVE-2026-28493 GHSA-r39q-jr8h-gcq2
VCID-qrsw-ekum-zue2	ImageMagick has heap-based buffer overflow in UHDR encoder A heap-based buffer overflow in the UHDR encoder can happen due to truncation of a value and it would allow an out of bounds write. ``` ================================================================ ==2158399==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x521000039500 at pc 0x562a4a42f968 bp 0x7ffcca4ed6c0 sp 0x7ffcca4ed6b0 WRITE of size 1 at 0x521000039500 thread T0 ```	CVE-2026-30931 GHSA-h95r-c8c7-mrwx
VCID-vk9r-ve4j-w7g2	ImageMagick is vulnerable to heap buffer over-write on 32-bit systems in SFW decoder An overflow on 32-bit systems can cause a crash in the SFW decoder when processing extremely large images.	CVE-2026-31853 GHSA-56jp-jfqg-f8f4
VCID-xuxk-mcdm-q3fr	ImageMagick is vulnerable to Heap Overflow when writing extremely large image profile in the PNG encoder An extremely large image profile could result in a heap overflow when encoding a PNG image.	CVE-2026-30883 GHSA-qmw5-2p58-xvrc
VCID-zt1v-dckb-gbh3	ImageMagick has uninitialized pointer dereference in JBIG decoder An uninitialized pointer dereference vulnerability exists in the JBIG decoder due to a missing check.	CVE-2026-28691 GHSA-wj8w-pjxf-9g4f

Vulnerability

Summary

Aliases

VCID-4hmq-1sx8-skcj

ImageMagick has heap buffer overflow in WriteXWDImage due to CARD32 arithmetic overflow in bytes_per_line calculation A 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing a extremely large image an out of bounds heap write can occur. ``` ================================================================= ==741961==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5020000083dc at pc 0x56553b4c4245 bp 0x7ffd9d20fef0 sp 0x7ffd9d20fee0 WRITE of size 1 at 0x5020000083dc thread T0 ```

CVE-2026-30937
GHSA-qpg4-j99f-8xcg

VCID-j589-992a-jfa7

ImageMagick has a Path Policy TOCTOU symlink race bypass `domain="path"` authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write.

CVE-2026-28689
GHSA-493f-jh8w-qhx3

VCID-nfr9-r9x3-4ugt

ImageMagick has a heap buffer over-read via 32-bit integer overflow in MAT decoder In MAT decoder uses 32-bit arithmetic due to incorrect parenthesization resulting in a heap over-read. ``` ================================================================= ==969652==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x506000003b40 at pc 0x555557b2a926 bp 0x7fffffff4c80 sp 0x7fffffff4c70 READ of size 8 at 0x506000003b40 thread T0 ```

CVE-2026-28692
GHSA-mrmj-x24c-wwcv

VCID-nxzm-r956-pbfy

ImageMagick has Integer Overflow leading to out of bounds write in SIXEL decoder An integer overflow vulnerability exists in the SIXEL decoer. The vulnerability allows an attacker to perform an out of bounds via a specially crafted mage.

CVE-2026-28493
GHSA-r39q-jr8h-gcq2

VCID-qrsw-ekum-zue2

ImageMagick has heap-based buffer overflow in UHDR encoder A heap-based buffer overflow in the UHDR encoder can happen due to truncation of a value and it would allow an out of bounds write. ``` ================================================================ ==2158399==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x521000039500 at pc 0x562a4a42f968 bp 0x7ffcca4ed6c0 sp 0x7ffcca4ed6b0 WRITE of size 1 at 0x521000039500 thread T0 ```

CVE-2026-30931
GHSA-h95r-c8c7-mrwx

VCID-vk9r-ve4j-w7g2

ImageMagick is vulnerable to heap buffer over-write on 32-bit systems in SFW decoder An overflow on 32-bit systems can cause a crash in the SFW decoder when processing extremely large images.

CVE-2026-31853
GHSA-56jp-jfqg-f8f4

VCID-xuxk-mcdm-q3fr

ImageMagick is vulnerable to Heap Overflow when writing extremely large image profile in the PNG encoder An extremely large image profile could result in a heap overflow when encoding a PNG image.

CVE-2026-30883
GHSA-qmw5-2p58-xvrc

VCID-zt1v-dckb-gbh3

ImageMagick has uninitialized pointer dereference in JBIG decoder An uninitialized pointer dereference vulnerability exists in the JBIG decoder due to a missing check.

CVE-2026-28691
GHSA-wj8w-pjxf-9g4f

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:51:54.124818+00:00	GitLab Importer	Fixing	VCID-nxzm-r956-pbfy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Magick.NET-Q8-x86/CVE-2026-28493.yml	38.6.0
2026-06-02T04:51:51.238799+00:00	GitLab Importer	Fixing	VCID-4hmq-1sx8-skcj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Magick.NET-Q8-x86/CVE-2026-30937.yml	38.6.0
2026-06-02T04:51:44.941984+00:00	GitLab Importer	Fixing	VCID-zt1v-dckb-gbh3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Magick.NET-Q8-x86/CVE-2026-28691.yml	38.6.0
2026-06-02T04:51:44.786145+00:00	GitLab Importer	Fixing	VCID-qrsw-ekum-zue2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Magick.NET-Q8-x86/CVE-2026-30931.yml	38.6.0
2026-06-02T04:51:33.768217+00:00	GitLab Importer	Fixing	VCID-nfr9-r9x3-4ugt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Magick.NET-Q8-x86/CVE-2026-28692.yml	38.6.0
2026-06-02T04:51:32.929489+00:00	GitLab Importer	Fixing	VCID-j589-992a-jfa7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Magick.NET-Q8-x86/CVE-2026-28689.yml	38.6.0
2026-06-02T04:51:31.942067+00:00	GitLab Importer	Fixing	VCID-vk9r-ve4j-w7g2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Magick.NET-Q8-x86/CVE-2026-31853.yml	38.6.0
2026-06-02T04:51:28.801274+00:00	GitLab Importer	Fixing	VCID-xuxk-mcdm-q3fr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Magick.NET-Q8-x86/CVE-2026-30883.yml	38.6.0