Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:nuget/Magick.NET-QMagick.NET-Q16-x8616-x64@14.10.3
purl pkg:nuget/Magick.NET-QMagick.NET-Q16-x8616-x64@14.10.3
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-5xqd-gf3b-4ygw ImageMagick's Security Policy Bypass through config/policy-secure.xml via "fd handler" leads to stdin/stdout access The shipped “secure” security policy includes a rule intended to prevent reading/writing from standard streams: ```xml <policy domain="path" rights="none" pattern="-"/> ``` However, ImageMagick also supports fd:<n> pseudo-filenames (e.g., fd:0, fd:1). This path form is not blocked by the secure policy templates, and therefore bypasses the protection goal of “no stdin/stdout”. To resolve this, users can add the following change to their security policy. ```xml <policy domain="path" rights="none" pattern="fd:*"/> ``` And this will also be included in ImageMagick's more secure policies by default. CVE-2026-25966
GHSA-xwc6-v6g8-pw2h

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T16:08:07.901069+00:00 GHSA Importer Fixing VCID-5xqd-gf3b-4ygw https://github.com/advisories/GHSA-xwc6-v6g8-pw2h 38.0.0
2026-04-01T12:53:58.892823+00:00 GitLab Importer Fixing VCID-5xqd-gf3b-4ygw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Magick.NET-QMagick.NET-Q16-x8616-x64/CVE-2026-25966.yml 38.0.0
2026-04-01T12:52:35.780108+00:00 GithubOSV Importer Fixing VCID-5xqd-gf3b-4ygw https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/02/GHSA-xwc6-v6g8-pw2h/GHSA-xwc6-v6g8-pw2h.json 38.0.0