{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","type":"deb","namespace":"debian","name":"imagemagick","version":"8:6.9.11.60+dfsg-1.6+deb12u9","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"8:7.1.1.43+dfsg1-1+deb13u8","latest_non_vulnerable_version":"8:7.1.2.21+dfsg1-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22659?format=json","vulnerability_id":"VCID-1cpn-zvem-v7gt","summary":"ImageMagick has uninitialized pointer dereference in JBIG decoder\nAn uninitialized pointer dereference vulnerability exists in the JBIG decoder due to a missing check.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28691.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28691.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28691","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17474","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17414","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17322","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17542","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17495","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.1864","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18975","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18928","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18877","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.1883","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18843","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18858","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18746","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18725","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18682","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18556","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28691"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wj8w-pjxf-9g4f","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T15:58:48Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wj8w-pjxf-9g4f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28691","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28691"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445902","reference_id":"2445902","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445902"},{"reference_url":"https://github.com/advisories/GHSA-wj8w-pjxf-9g4f","reference_id":"GHSA-wj8w-pjxf-9g4f","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wj8w-pjxf-9g4f"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6713","reference_id":"RHSA-2026:6713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6713"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026114?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1026115?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1068118?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"}],"aliases":["CVE-2026-28691","GHSA-wj8w-pjxf-9g4f"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1cpn-zvem-v7gt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/24037?format=json","vulnerability_id":"VCID-2zje-ag2v-7kac","summary":"ImageMagick has heap buffer overflow in WriteXWDImage due to CARD32 arithmetic overflow in bytes_per_line calculation\nA 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing a extremely large image an out of bounds heap write can occur.\n\n```\n=================================================================\n==741961==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5020000083dc at pc 0x56553b4c4245 bp 0x7ffd9d20fef0 sp 0x7ffd9d20fee0\nWRITE of size 1 at 0x5020000083dc thread T0\n```","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30937.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30937.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30937","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02792","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02773","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0277","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02764","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02749","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04019","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03919","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03902","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03875","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03854","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03864","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03984","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03996","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04002","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04047","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04004","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30937"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-30937","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-30937"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qpg4-j99f-8xcg","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T14:34:45Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qpg4-j99f-8xcg"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30937","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30937"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445882","reference_id":"2445882","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445882"},{"reference_url":"https://github.com/advisories/GHSA-qpg4-j99f-8xcg","reference_id":"GHSA-qpg4-j99f-8xcg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qpg4-j99f-8xcg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026114?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1026115?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1068118?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"}],"aliases":["CVE-2026-30937","GHSA-qpg4-j99f-8xcg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2zje-ag2v-7kac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351735?format=json","vulnerability_id":"VCID-381g-7gdr-qydg","summary":"ImageMagick: Magick.NET: ImageMagick and Magick.NET: Denial of Service via malicious MSL file processing","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40312.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40312.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40312","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01529","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01596","published_at":"2026-04-18T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00197","published_at":"2026-04-29T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00198","published_at":"2026-05-07T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00199","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40312"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40312"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T19:06:40Z/"}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/commit/2a06c7be3bba3326caf8b7a8d1fa2e0d4b88998d","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T19:06:40Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/commit/2a06c7be3bba3326caf8b7a8d1fa2e0d4b88998d"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T19:06:40Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5xg3-585r-9jh5","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T19:06:40Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5xg3-585r-9jh5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40312","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40312"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458044","reference_id":"2458044","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458044"},{"reference_url":"https://github.com/advisories/GHSA-5xg3-585r-9jh5","reference_id":"GHSA-5xg3-585r-9jh5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5xg3-585r-9jh5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1068118?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1054646?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1089407?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1068084?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.19%2Bdfsg1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.19%252Bdfsg1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089408?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.21%2Bdfsg1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.21%252Bdfsg1-1"}],"aliases":["CVE-2026-40312","GHSA-5xg3-585r-9jh5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-381g-7gdr-qydg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351737?format=json","vulnerability_id":"VCID-441f-z9bp-vbdu","summary":"ImageMagick: Magick.NET: ImageMagick: Denial of service via heap out-of-bounds write in JP2 encoder","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40310.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40310.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40310","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01596","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01529","published_at":"2026-04-16T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00287","published_at":"2026-04-24T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.0028","published_at":"2026-05-05T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00282","published_at":"2026-05-07T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00285","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40310"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:33:34Z/"}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/commit/3d653bea2df085c728a1c8f775808e1e9249dff9","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:33:34Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/commit/3d653bea2df085c728a1c8f775808e1e9249dff9"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:33:34Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pwg5-6jfc-crvh","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:33:34Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pwg5-6jfc-crvh"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40310","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40310"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134627","reference_id":"1134627","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134627"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458047","reference_id":"2458047","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458047"},{"reference_url":"https://github.com/advisories/GHSA-pwg5-6jfc-crvh","reference_id":"GHSA-pwg5-6jfc-crvh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pwg5-6jfc-crvh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026114?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1068118?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1054646?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1089407?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1068084?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.19%2Bdfsg1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.19%252Bdfsg1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089408?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.21%2Bdfsg1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.21%252Bdfsg1-1"}],"aliases":["CVE-2026-40310","GHSA-pwg5-6jfc-crvh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-441f-z9bp-vbdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/24252?format=json","vulnerability_id":"VCID-54da-fzyt-4ud2","summary":"ImageMagick has stack write buffer overflow in MNG encoder\nA stack buffer overflow vulnerability exists in the MNG encoder. There is a bounds checks missing that could corrupting the stack with attacker-controlled data.\n\n```\n==2265506==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffec4971310 at pc 0x55e671b8a072 bp 0x7ffec4970f70 sp 0x7ffec4970f68\nWRITE of size 1 at 0x7ffec4971310 thread T0\n```","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28690.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28690.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28690","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02346","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02324","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02321","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02326","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02316","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02969","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02856","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02837","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02832","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02817","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02826","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02943","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02937","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02924","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02973","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02949","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28690"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7h7q-j33q-hvpf","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T15:58:08Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7h7q-j33q-hvpf"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28690","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28690"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445887","reference_id":"2445887","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445887"},{"reference_url":"https://github.com/advisories/GHSA-7h7q-j33q-hvpf","reference_id":"GHSA-7h7q-j33q-hvpf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7h7q-j33q-hvpf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026114?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1026115?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1068118?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"}],"aliases":["CVE-2026-28690","GHSA-7h7q-j33q-hvpf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-54da-fzyt-4ud2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/24835?format=json","vulnerability_id":"VCID-6h7x-3rue-kucp","summary":"ImageMagick has a heap buffer over-read via 32-bit integer overflow in MAT decoder\nIn MAT decoder uses 32-bit arithmetic due to incorrect parenthesization resulting in a heap over-read.\n\n```\n=================================================================\n==969652==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x506000003b40 at pc 0x555557b2a926 bp 0x7fffffff4c80 sp 0x7fffffff4c70\nREAD of size 8 at 0x506000003b40 thread T0\n```","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28692.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28692.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28692","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05673","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05647","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05608","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05611","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05574","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06438","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06139","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06135","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06128","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06089","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.061","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06248","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06264","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06291","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06304","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06324","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28692"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mrmj-x24c-wwcv","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T15:58:29Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mrmj-x24c-wwcv"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28692","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28692"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445890","reference_id":"2445890","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445890"},{"reference_url":"https://github.com/advisories/GHSA-mrmj-x24c-wwcv","reference_id":"GHSA-mrmj-x24c-wwcv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mrmj-x24c-wwcv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026114?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1026115?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1068118?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"}],"aliases":["CVE-2026-28692","GHSA-mrmj-x24c-wwcv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6h7x-3rue-kucp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351736?format=json","vulnerability_id":"VCID-6v1d-1wfr-vqd1","summary":"ImageMagick: Magick.NET: ImageMagick: Denial of Service via heap use-after-free in XMP profile processing","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40311.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40311.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40311","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03186","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03313","published_at":"2026-04-18T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00317","published_at":"2026-04-26T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00315","published_at":"2026-05-07T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.0032","published_at":"2026-04-24T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00314","published_at":"2026-05-05T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00319","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40311"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:48:25Z/"}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/commit/5facfecf1abb3fed46a08f614dcc43d1e548e20d","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:48:25Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/commit/5facfecf1abb3fed46a08f614dcc43d1e548e20d"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:48:25Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r83h-crwp-3vm7","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:48:25Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r83h-crwp-3vm7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40311","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40311"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134627","reference_id":"1134627","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134627"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458051","reference_id":"2458051","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458051"},{"reference_url":"https://github.com/advisories/GHSA-r83h-crwp-3vm7","reference_id":"GHSA-r83h-crwp-3vm7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r83h-crwp-3vm7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026114?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1026115?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1068118?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1054646?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1089407?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1068084?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.19%2Bdfsg1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.19%252Bdfsg1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089408?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.21%2Bdfsg1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.21%252Bdfsg1-1"}],"aliases":["CVE-2026-40311","GHSA-r83h-crwp-3vm7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6v1d-1wfr-vqd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351744?format=json","vulnerability_id":"VCID-7gb9-gd78-7bdu","summary":"ImageMagick: Magick.NET: ImageMagick: Denial of Service due to heap buffer overflow in MVG decoder","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33901.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33901.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33901","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11197","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12234","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16533","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16414","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16594","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16691","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16549","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16583","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33901"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33901","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33901"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T13:50:52Z/"}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/commit/4c72003e9e54a4ebaa938d239e75f5d285527ebe","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T13:50:52Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/commit/4c72003e9e54a4ebaa938d239e75f5d285527ebe"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458023","reference_id":"2458023","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458023"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33901","reference_id":"CVE-2026-33901","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33901"},{"reference_url":"https://github.com/advisories/GHSA-x9h5-r9v2-vcww","reference_id":"GHSA-x9h5-r9v2-vcww","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x9h5-r9v2-vcww"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-x9h5-r9v2-vcww","reference_id":"GHSA-x9h5-r9v2-vcww","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T13:50:52Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-x9h5-r9v2-vcww"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026114?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1068118?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1054646?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1089407?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1068084?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.19%2Bdfsg1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.19%252Bdfsg1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089408?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.21%2Bdfsg1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.21%252Bdfsg1-1"}],"aliases":["CVE-2026-33901","GHSA-x9h5-r9v2-vcww"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7gb9-gd78-7bdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27360?format=json","vulnerability_id":"VCID-a2qm-vkc3-qkd5","summary":"ImageMagick has Undefined Behavior (function-type-mismatch) in CloneSplayTree\n## Summary\n- **Target:** ImageMagick (commit `ecc9a5eb456747374bae8e07038ba10b3d8821b3`)\n- **Type:** Undefined Behavior (function-type-mismatch) in splay tree cloning callback\n- **Impact:** Deterministic abort under UBSan (DoS in sanitizer builds). No crash in a non-sanitized build; likely low security impact.\n- **Trigger:** Minimal **2-byte** input parsed via MagickWand, then coalescing.\n## Environment\nOS: macOS (Apple Silicon/arm64)\nHomebrew clang version 20.1.8\nTarget: arm64-apple-darwin24.5.0\nThread model: posix\nInstalledDir: /opt/homebrew/Cellar/llvm/20.1.8/bin\nConfiguration file: /opt/homebrew/etc/clang/arm64-apple-darwin24.cfg\nHomebrew ImageMagick: `magick -version` → `ImageMagick 7.1.2-0 Q16-HDRI aarch64`\npkg-config: `MagickWand-7.Q16HDRI` version `7.1.2`\nLibrary configure flags (capsule build):\n./configure --disable-shared --enable-static --without-modules --without-magick-plus-plus --disable-openmp --without-perl --without-x --with-png=yes --without-jpeg --without-tiff --without-xml --without-lqr --without-gslib\nHarness compile flags:\n-fsanitize=fuzzer,address,undefined -fno-omit-frame-pointer\npkg-config cflags/libs supplied:\n-I<...>/include/ImageMagick-7\n-DMAGICKCORE_HDRI_ENABLE=1 -DMAGICKCORE_QUANTUM_DEPTH=16 -DMAGICKCORE_CHANNEL_MASK_DEPTH=32\nand linked against MagickWand-7.Q16HDRI and MagickCore-7.Q16HDRI\nSanitizer runtime:\nASan+UBSan defaults. Repro also with `UBSAN_OPTIONS=print_stacktrace=1:halt_on_error=1`\n## PoC\n- **Bytes (hex):** `1c 02`\n- **Base64:** `HAI=`\n - **sha256 (optional):** <fill in>\n## Reproduction\nCreate PoC:\n\n`printf '\\x1c\\x02' > poc.bin`\n\nOption A: libFuzzer harness\n- Run once: `./harness_ImageMagick_... -runs=1 ./poc.bin`\n- Expected: UBSan aborts with function-type-mismatch at `MagickCore/splay-tree.c:372:43`.\n\nOption B: standalone reproducer (C)\n- Compile (ensure `PKG_CONFIG_PATH` points to your ImageMagick if needed):\n\n/opt/homebrew/opt/llvm/bin/clang -g -O1 -fsanitize=address,undefined $(/opt/homebrew/bin/pkg-config --cflags MagickWand-7.Q16HDRI) repro.c -o repro $(/opt/homebrew/bin/pkg-config --libs MagickWand-7.Q16HDRI)\n\n- Run:\n\nUBSAN_OPTIONS=print_stacktrace=1:halt_on_error=1 ./repro ./poc.bin\nObserved output (excerpt)\nMagickCore/splay-tree.c:372:43: runtime error: call to function ConstantString through pointer to incorrect function type 'void *(*)(void *)'\nstring.c:680: note: ConstantString defined here\n#0 CloneSplayTree splay-tree.c:372\n#1 CloneImageProfiles profile.c:159\n#2 CloneImage image.c:832\n#3 CoalesceImages layer.c:269\n#4 MagickCoalesceImages magick-image.c:1665\n#5 main repro.c:XX\nRoot cause\nThe splay tree clone callback expects a function pointer of type `void *(*)(void *)`. ConstantString has a different signature (`char *ConstantString(const char *)`). Calling through the mismatched function type is undefined behavior in C and triggers UBSan’s function-type-mismatch.\nThe path is exercised during coalescing: CloneImage → CloneImageProfiles → CloneSplayTree.\nScope\nReproduces with a minimal, sanitizer-instrumented, PNG-enabled build and delegates disabled (policy.xml), suggesting the issue is in MagickCore rather than external delegates.\nSuggested fix (sketch)\nUse a wrapper that matches the expected callback prototype, or adjust the splay-tree callback typedef for const-correctness. For example:\nstatic void *CloneStringShim(const void *p) {\nreturn (void *) ConstantString((const char *) p);\n}\n\n/* When setting splay-tree clone_value, use CloneStringShim instead of ConstantString. */\n\nAlternatively, update the clone callback typedefs to use const void* consistently (and return void*) and ensure callers pass a correctly typed wrapper.\n\nArtifacts\nMinimised PoC: attached (poc.bin, 2 bytes; base64 HAI=)\nHarness source and exact build command (attached)\nFull UBSan trace (attached)\nCommit SHA and configure flags (above)\nCredits\nDiscovered by: Lumina Mescuwa\nMethod: libFuzzer + UBSan\nVerification\n- UBSan build: Reproduces with `halt_on_error=1`; aborts at `MagickCore/splay-tree.c:372`.\n- Non-sanitized Homebrew build (macOS arm64, clang 20.1.8): No crash; repro completes silently.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55160.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55160.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55160","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12492","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.1254","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12321","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12582","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12414","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12454","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.1239","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.1247","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.1252","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13561","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.1349","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13547","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13574","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17867","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18013","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17961","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55160"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55160","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55160"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.8.0","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.8.0"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hgw-6x87-578x","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-13T14:26:33Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hgw-6x87-578x"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55160","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55160"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111104","reference_id":"1111104","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111104"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2388253","reference_id":"2388253","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2388253"},{"reference_url":"https://github.com/advisories/GHSA-6hgw-6x87-578x","reference_id":"GHSA-6hgw-6x87-578x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6hgw-6x87-578x"},{"reference_url":"https://usn.ubuntu.com/7756-1/","reference_id":"USN-7756-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7756-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026115?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1068118?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1054646?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1089407?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u8"}],"aliases":["CVE-2025-55160","GHSA-6hgw-6x87-578x"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a2qm-vkc3-qkd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22606?format=json","vulnerability_id":"VCID-cuhw-ew1g-s3h2","summary":"ImageMagick has Heap Use-After-Free in ImageMagick MSL decoder\nA heap use-after-free vulnerability in ImageMagick's MSL decoder allows an attacker to trigger access to freed memory by crafting an MSL file.\n\n```\n=================================================================\n==1500633==ERROR: AddressSanitizer: heap-use-after-free on address 0x527000011550 at pc 0x5612583fa212 bp 0x7ffedb86d160 sp 0x7ffedb86d150\nREAD of size 8 at 0x527000011550 thread T0\n```","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28687.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28687.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28687","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17042","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16984","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16896","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17114","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17059","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18198","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.1852","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18472","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18421","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18365","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18377","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18402","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18302","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18288","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18246","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18109","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28687"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28687","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28687"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fpvf-frm6-625q","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T16:01:50Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fpvf-frm6-625q"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28687","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28687"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445897","reference_id":"2445897","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445897"},{"reference_url":"https://github.com/advisories/GHSA-fpvf-frm6-625q","reference_id":"GHSA-fpvf-frm6-625q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fpvf-frm6-625q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026114?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1026115?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1068118?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"}],"aliases":["CVE-2026-28687","GHSA-fpvf-frm6-625q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cuhw-ew1g-s3h2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351745?format=json","vulnerability_id":"VCID-eeju-vhdm-aqbe","summary":"ImageMagick: Magick.NET: ImageMagick: Denial of Service via integer truncation in viff encoder","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33900.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33900.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33900","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05053","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04936","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05011","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05014","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04973","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05004","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12508","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13313","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33900"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:29:30Z/"}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/commit/d27b840a61b322419a66d0d192ff56d52498148d","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:29:30Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/commit/d27b840a61b322419a66d0d192ff56d52498148d"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:29:30Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458020","reference_id":"2458020","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458020"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33900","reference_id":"CVE-2026-33900","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33900"},{"reference_url":"https://github.com/advisories/GHSA-v67w-737x-v2c9","reference_id":"GHSA-v67w-737x-v2c9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v67w-737x-v2c9"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v67w-737x-v2c9","reference_id":"GHSA-v67w-737x-v2c9","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:29:30Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v67w-737x-v2c9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026114?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1026115?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1068118?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1054646?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1089407?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1068084?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.19%2Bdfsg1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.19%252Bdfsg1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089408?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.21%2Bdfsg1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.21%252Bdfsg1-1"}],"aliases":["CVE-2026-33900","GHSA-v67w-737x-v2c9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eeju-vhdm-aqbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351742?format=json","vulnerability_id":"VCID-egwu-28fp-dye6","summary":"ImageMagick: ImageMagick: Denial of service via out-of-bounds read in -sample operation","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33905.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33905.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33905","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01529","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01762","published_at":"2026-04-18T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00244","published_at":"2026-05-07T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00243","published_at":"2026-05-05T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00245","published_at":"2026-04-24T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00242","published_at":"2026-04-29T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00246","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33905"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33905"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:22:18Z/"}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/commit/cca607366fb38c2dde019a9088b8415ffba3a835","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:22:18Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/commit/cca607366fb38c2dde019a9088b8415ffba3a835"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:22:18Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pcvx-ph33-r5vv","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:22:18Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pcvx-ph33-r5vv"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33905","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33905"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458055","reference_id":"2458055","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458055"},{"reference_url":"https://github.com/advisories/GHSA-pcvx-ph33-r5vv","reference_id":"GHSA-pcvx-ph33-r5vv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pcvx-ph33-r5vv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026114?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1068118?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1054646?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1089407?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1068084?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.19%2Bdfsg1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.19%252Bdfsg1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089408?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.21%2Bdfsg1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.21%252Bdfsg1-1"}],"aliases":["CVE-2026-33905","GHSA-pcvx-ph33-r5vv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-egwu-28fp-dye6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/24450?format=json","vulnerability_id":"VCID-g41y-dv8u-3yf1","summary":"ImageMagick has Heap Buffer Overflow in WaveletDenoiseImage\nA crafted image could cause an out of bounds heap write inside the WaveletDenoiseImage method. When processing a crafted image with the -wavelet-denoise operation an out of bounds write can occur.\n\n```\n=================================================================\n==661320==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x503000002754 at pc 0x5ff45f82c92a bp 0x7fffb732b400 sp 0x7fffb732b3f0\nWRITE of size 4 at 0x503000002754 thread T0\n```","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30936.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30936.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30936","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04429","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04412","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04378","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04368","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04346","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05316","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.0513","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05114","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05099","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05047","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05052","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.052","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05231","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05273","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05277","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05267","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30936"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-30936","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-30936"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5ggv-92r5-cp4p","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T14:48:08Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5ggv-92r5-cp4p"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30936","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30936"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445880","reference_id":"2445880","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445880"},{"reference_url":"https://github.com/advisories/GHSA-5ggv-92r5-cp4p","reference_id":"GHSA-5ggv-92r5-cp4p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5ggv-92r5-cp4p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026114?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1026115?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1068118?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"}],"aliases":["CVE-2026-30936","GHSA-5ggv-92r5-cp4p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g41y-dv8u-3yf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64285?format=json","vulnerability_id":"VCID-g679-q851-xub7","summary":"ImageMagick: stack-based buffer overflow in sixel encoder","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32259.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32259.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32259","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04109","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04151","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04127","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04143","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04175","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04189","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04169","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05016","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05058","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.0498","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05021","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05009","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04841","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.0479","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04799","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04944","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32259"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32259","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32259"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2447112","reference_id":"2447112","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2447112"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-49hx-7656-jpg3","reference_id":"GHSA-49hx-7656-jpg3","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-13T16:13:57Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-49hx-7656-jpg3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026114?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1026115?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1068118?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"}],"aliases":["CVE-2026-32259"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g679-q851-xub7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351743?format=json","vulnerability_id":"VCID-j6tc-f4fc-mbcv","summary":"ImageMagick: ImageMagick: Denial of Service via deeply nested expression in FX parser","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33902.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33902.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33902","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01573","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01634","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.0211","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02087","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02118","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02092","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02151","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02136","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33902"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:51:18Z/"}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/commit/d3c0a37485314c5ccef72efb18f3847cd53868ba","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:51:18Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/commit/d3c0a37485314c5ccef72efb18f3847cd53868ba"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-f4qm-vj5j-9xpw","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:51:18Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-f4qm-vj5j-9xpw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33902","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33902"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458040","reference_id":"2458040","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458040"},{"reference_url":"https://github.com/advisories/GHSA-f4qm-vj5j-9xpw","reference_id":"GHSA-f4qm-vj5j-9xpw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f4qm-vj5j-9xpw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1068118?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1054646?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1089407?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1068084?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.19%2Bdfsg1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.19%252Bdfsg1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089408?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.21%2Bdfsg1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.21%252Bdfsg1-1"}],"aliases":["CVE-2026-33902","GHSA-f4qm-vj5j-9xpw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j6tc-f4fc-mbcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/24565?format=json","vulnerability_id":"VCID-jc5m-7rvc-2qg6","summary":"ImageMagick has a heap-buffer-overflow in NewXMLTree which could result in crash\nThe NewXMLTree method contains a bug that could result in a crash due to an out of write bounds of a single zero byte.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32636.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32636.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32636","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04318","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04277","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0426","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04268","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04297","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04281","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04293","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04324","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0434","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04332","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.0517","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05103","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05128","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.0521","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05162","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05174","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32636"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32636","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32636"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.11.0","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T14:54:31Z/"}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.11.0"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-17","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T14:54:31Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-17"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gc62-2v5p-qpmp","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T14:54:31Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gc62-2v5p-qpmp"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32636","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32636"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448862","reference_id":"2448862","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448862"},{"reference_url":"https://github.com/advisories/GHSA-gc62-2v5p-qpmp","reference_id":"GHSA-gc62-2v5p-qpmp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gc62-2v5p-qpmp"},{"reference_url":"https://usn.ubuntu.com/8127-1/","reference_id":"USN-8127-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8127-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026114?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1026115?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1068118?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1054646?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1089407?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u8"}],"aliases":["CVE-2026-32636","GHSA-gc62-2v5p-qpmp"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jc5m-7rvc-2qg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21320?format=json","vulnerability_id":"VCID-jcjk-s89c-mbbm","summary":"ImageMagick: Invalid MSL <map> can result in a use after free\nThe MSL interpreter crashes when processing a invalid `<map>` element that causes it to use an image after it has been freed.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26983.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26983.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26983","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03687","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03638","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03712","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03726","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03729","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03752","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0371","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03661","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03824","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03777","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03774","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03771","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03649","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03701","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04226","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04253","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26983"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26983","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26983"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/commit/7cfae4da24a995fb05386d77364ff404a7cca7bc","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick/commit/7cfae4da24a995fb05386d77364ff404a7cca7bc"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-w8mw-frc6-r7m8","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-28T02:09:37Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-w8mw-frc6-r7m8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26983","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26983"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442134","reference_id":"2442134","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442134"},{"reference_url":"https://github.com/advisories/GHSA-w8mw-frc6-r7m8","reference_id":"GHSA-w8mw-frc6-r7m8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w8mw-frc6-r7m8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026114?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1026115?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1068118?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"}],"aliases":["CVE-2026-26983","GHSA-w8mw-frc6-r7m8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jcjk-s89c-mbbm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/24705?format=json","vulnerability_id":"VCID-n47w-r932-abey","summary":"ImageMagick is vulnerable to Heap Overflow when writing extremely large image profile in the PNG encoder\nAn extremely large image profile could result in a heap overflow when encoding a PNG image.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30883.json","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30883.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30883","reference_id":"","reference_type":"","scores":[{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00638","published_at":"2026-04-13T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00439","published_at":"2026-04-07T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00435","published_at":"2026-04-08T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00437","published_at":"2026-04-09T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00642","published_at":"2026-04-11T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00637","published_at":"2026-04-12T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00686","published_at":"2026-05-05T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00679","published_at":"2026-05-07T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00677","published_at":"2026-04-26T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00676","published_at":"2026-04-24T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00636","published_at":"2026-04-18T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00447","published_at":"2026-04-02T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00631","published_at":"2026-04-16T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00446","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30883"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-30883","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-30883"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qmw5-2p58-xvrc","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T14:53:57Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qmw5-2p58-xvrc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30883","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30883"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445878","reference_id":"2445878","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445878"},{"reference_url":"https://github.com/advisories/GHSA-qmw5-2p58-xvrc","reference_id":"GHSA-qmw5-2p58-xvrc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qmw5-2p58-xvrc"},{"reference_url":"https://usn.ubuntu.com/8127-1/","reference_id":"USN-8127-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8127-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026114?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1026115?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1068118?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"}],"aliases":["CVE-2026-30883","GHSA-qmw5-2p58-xvrc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n47w-r932-abey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351740?format=json","vulnerability_id":"VCID-qjxn-gm96-7ygc","summary":"ImageMagick: Magick.NET: ImageMagick: Denial of Service via integer overflow in despeckle operation","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34238.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34238.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34238","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01596","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01529","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03706","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03675","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03681","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03684","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03731","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03685","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34238"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34238","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34238"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T13:46:28Z/"}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/commit/bcd8519c70ecd9ebbc180920f2cf97b267d1f440","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T13:46:28Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/commit/bcd8519c70ecd9ebbc180920f2cf97b267d1f440"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T13:46:28Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458048","reference_id":"2458048","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458048"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34238","reference_id":"CVE-2026-34238","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34238"},{"reference_url":"https://github.com/advisories/GHSA-26qp-ffjh-2x4v","reference_id":"GHSA-26qp-ffjh-2x4v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-26qp-ffjh-2x4v"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-26qp-ffjh-2x4v","reference_id":"GHSA-26qp-ffjh-2x4v","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T13:46:28Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-26qp-ffjh-2x4v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026114?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1026115?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1068118?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1054646?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1089407?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1068084?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.19%2Bdfsg1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.19%252Bdfsg1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089408?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.21%2Bdfsg1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.21%252Bdfsg1-1"}],"aliases":["CVE-2026-34238","GHSA-26qp-ffjh-2x4v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qjxn-gm96-7ygc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/24199?format=json","vulnerability_id":"VCID-r3vw-ncns-cqgb","summary":"ImageMagick is vulnerable to heap buffer over-write on 32-bit systems in SFW decoder\nAn overflow on  32-bit systems can cause a crash in the SFW decoder when processing extremely large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31853.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31853.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31853","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02624","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02649","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02629","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02625","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02621","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02606","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03343","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03252","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0323","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03205","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03215","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03335","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03326","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03371","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03321","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31853"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31853","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31853"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-56jp-jfqg-f8f4","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T17:41:49Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-56jp-jfqg-f8f4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31853","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31853"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2446690","reference_id":"2446690","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2446690"},{"reference_url":"https://github.com/advisories/GHSA-56jp-jfqg-f8f4","reference_id":"GHSA-56jp-jfqg-f8f4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-56jp-jfqg-f8f4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026114?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1026115?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1068118?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"}],"aliases":["CVE-2026-31853","GHSA-56jp-jfqg-f8f4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r3vw-ncns-cqgb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/23142?format=json","vulnerability_id":"VCID-rbdg-vz8x-ykah","summary":"ImageMagick has heap use-after-free in the MSL encoder\nA heap-use-after-free vulnerability exists in the MSL encoder, where a cloned image is destroyed twice. The MSL coder does not support writing MSL so the write capability has been removed. \n\n```\nSUMMARY: AddressSanitizer: heap-use-after-free MagickCore/image.c:1195 in DestroyImage\nShadow bytes around the buggy address:\n  0x0a4e80007450: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\n  0x0a4e80007460: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\n  0x0a4e80007470: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\n  0x0a4e80007480: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\n  0x0a4e80007490: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\n=>0x0a4e800074a0: fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd\n  0x0a4e800074b0: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa\n  0x0a4e800074c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n  0x0a4e800074d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n  0x0a4e800074e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n  0x0a4e800074f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n```","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28688.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28688.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28688","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12738","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12659","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12854","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12789","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12806","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13978","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13872","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13716","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13834","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13902","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13897","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13825","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13832","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14015","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13928","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28688"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28688","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28688"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xxw5-m53x-j38c","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T16:02:13Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xxw5-m53x-j38c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28688","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28688"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445877","reference_id":"2445877","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445877"},{"reference_url":"https://github.com/advisories/GHSA-xxw5-m53x-j38c","reference_id":"GHSA-xxw5-m53x-j38c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xxw5-m53x-j38c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026114?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1026115?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1068118?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"}],"aliases":["CVE-2026-28688","GHSA-xxw5-m53x-j38c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rbdg-vz8x-ykah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/24389?format=json","vulnerability_id":"VCID-rjkf-pdny-2fhn","summary":"ImageMagick vulnerable to stack corruption through long morphology kernel names or arrays\nA stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copied into fixed-size stack buffers via memcpy without bounds checking, resulting in stack corruption.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28494.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28494.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28494","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02649","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02629","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02625","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02621","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02606","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03343","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03279","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03252","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0323","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03205","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03215","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03335","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03326","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03371","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03321","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28494"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-932h-jw47-73jm","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-10T14:40:59Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-932h-jw47-73jm"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28494","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28494"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445901","reference_id":"2445901","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445901"},{"reference_url":"https://github.com/advisories/GHSA-932h-jw47-73jm","reference_id":"GHSA-932h-jw47-73jm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-932h-jw47-73jm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026114?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1026115?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1068118?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"}],"aliases":["CVE-2026-28494","GHSA-932h-jw47-73jm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rjkf-pdny-2fhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/24208?format=json","vulnerability_id":"VCID-sw7g-hxxr-n3e1","summary":"ImageMagick has a Path Policy TOCTOU symlink race bypass\n`domain=\"path\"` authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28689.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28689.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28689","reference_id":"","reference_type":"","scores":[{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.0074","published_at":"2026-05-07T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00723","published_at":"2026-04-07T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00721","published_at":"2026-04-02T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00712","published_at":"2026-04-09T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00722","published_at":"2026-04-08T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00718","published_at":"2026-04-04T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00892","published_at":"2026-04-13T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00947","published_at":"2026-05-05T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00953","published_at":"2026-04-26T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00949","published_at":"2026-04-24T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00945","published_at":"2026-04-29T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00889","published_at":"2026-04-16T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00896","published_at":"2026-04-18T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.0089","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28689"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28689","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28689"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-493f-jh8w-qhx3","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-10T15:56:31Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-493f-jh8w-qhx3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28689","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28689"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445891","reference_id":"2445891","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445891"},{"reference_url":"https://github.com/advisories/GHSA-493f-jh8w-qhx3","reference_id":"GHSA-493f-jh8w-qhx3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-493f-jh8w-qhx3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026114?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1026115?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1068118?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"}],"aliases":["CVE-2026-28689","GHSA-493f-jh8w-qhx3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sw7g-hxxr-n3e1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/23948?format=json","vulnerability_id":"VCID-tt6z-t31v-dkdd","summary":"ImageMagick has an Out-of-bounds Write via InterpretImageFilename\nDue to an incorrect return value on certain platforms a pointer is incremented past the end of a buffer that is on the stack and that could result in an out of bounds write.\n\n```\n=================================================================\n==48558==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x00016b9b7490 at pc 0x0001046d48ac bp 0x00016b9b31d0 sp 0x00016b9b31c8\nWRITE of size 1 at 0x00016b9b7490 thread T0\n```","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33536.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33536.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33536","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04109","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04528","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.045","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04367","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04359","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04391","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04408","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04368","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04423","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04429","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04412","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04378","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04548","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05316","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05277","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05267","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33536"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8793-7xv6-82cf","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:44:35Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8793-7xv6-82cf"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33536","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33536"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451849","reference_id":"2451849","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451849"},{"reference_url":"https://github.com/advisories/GHSA-8793-7xv6-82cf","reference_id":"GHSA-8793-7xv6-82cf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8793-7xv6-82cf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026114?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1026115?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1068118?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1054646?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1089407?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u8"}],"aliases":["CVE-2026-33536","GHSA-8793-7xv6-82cf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tt6z-t31v-dkdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25007?format=json","vulnerability_id":"VCID-tv15-dcnu-pbbn","summary":"ImageMagick: Heap overflow in pcd decoder leads to out of bounds read.\nThe pcd coder lacks proper boundary checking when processing Huffman-coded data. The decoder contains an function that has an incorrect initialization that could cause an out of bounds read.\n\n```\n==3900053==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x502000003c6c at pc 0x55601b9cc552 bp 0x7ffd904b1f70 sp 0x7ffd904b1f60\nREAD of size 1 at 0x502000003c6c thread T0\n```","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26284.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26284.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26284","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06084","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0608","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06044","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06013","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0586","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05849","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05884","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05892","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05901","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05923","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05823","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05891","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05853","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05858","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06456","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06342","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26284"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26284","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26284"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wrhr-rf8j-r842","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:46:33Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wrhr-rf8j-r842"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26284","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26284"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442137","reference_id":"2442137","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442137"},{"reference_url":"https://github.com/advisories/GHSA-wrhr-rf8j-r842","reference_id":"GHSA-wrhr-rf8j-r842","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wrhr-rf8j-r842"},{"reference_url":"https://usn.ubuntu.com/8069-1/","reference_id":"USN-8069-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8069-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026114?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1026115?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1068118?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"}],"aliases":["CVE-2026-26284","GHSA-wrhr-rf8j-r842"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tv15-dcnu-pbbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/24918?format=json","vulnerability_id":"VCID-utfe-h3b7-jqcj","summary":"ImageMagick: MSL - Stack overflow in ProcessMSLScript\n### Summary\nMagick fails to check for circular references between two MSLs, leading to a stack overflow.\n\n### Details\nAfter reading a.msl using magick, the following is displayed:\n\n`MSLStartElement` -> `ReadImage` -> `ReadMSLImage` -> `ProcessMSLScript` -> `xmlParseChunk` -> `xmlParseTryOrFinish` -> `MSLStartElement`\n\n```bash\nAddressSanitizer:DEADLYSIGNAL\n=================================================================\n==114345==ERROR: AddressSanitizer: UNKNOWN SIGNAL on unknown address 0x000000000000 (pc 0x72509fc7d804 bp 0x7ffd6598b390 sp 0x7ffd6598ab20 T0)\n    #0 0x72509fc7d804 in strlen ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:388\n[...]\n```","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25971.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25971.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25971","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12904","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13009","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13041","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1302","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12922","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12919","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13017","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13068","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13107","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13138","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13153","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13209","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13088","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13007","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13588","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13432","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25971"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25971","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25971"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8mpr-6xr2-chhc","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8mpr-6xr2-chhc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25971","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25971"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442117","reference_id":"2442117","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442117"},{"reference_url":"https://github.com/advisories/GHSA-8mpr-6xr2-chhc","reference_id":"GHSA-8mpr-6xr2-chhc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8mpr-6xr2-chhc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026114?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1026115?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1068118?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"}],"aliases":["CVE-2026-25971","GHSA-8mpr-6xr2-chhc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-utfe-h3b7-jqcj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351741?format=json","vulnerability_id":"VCID-uvkp-1zss-57gr","summary":"ImageMagick: Magick.NET: ImageMagick: Denial of Service via deeply nested XML file processing","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33908.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33908.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33908","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0503","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04981","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04914","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04988","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04992","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0495","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12451","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13268","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33908","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33908"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:29:51Z/"}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/commit/ccdc01180276aa2cb3d4a32a611aa4f417061cd8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:29:51Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/commit/ccdc01180276aa2cb3d4a32a611aa4f417061cd8"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:29:51Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458041","reference_id":"2458041","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458041"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33908","reference_id":"CVE-2026-33908","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33908"},{"reference_url":"https://github.com/advisories/GHSA-fwvm-ggf6-2p4x","reference_id":"GHSA-fwvm-ggf6-2p4x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fwvm-ggf6-2p4x"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwvm-ggf6-2p4x","reference_id":"GHSA-fwvm-ggf6-2p4x","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:29:51Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwvm-ggf6-2p4x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026114?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1068118?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1054646?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1089407?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1068084?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.19%2Bdfsg1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.19%252Bdfsg1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089408?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.21%2Bdfsg1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.21%252Bdfsg1-1"}],"aliases":["CVE-2026-33908","GHSA-fwvm-ggf6-2p4x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uvkp-1zss-57gr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351746?format=json","vulnerability_id":"VCID-w9zg-tsbg-afa1","summary":"ImageMagick: Magick.NET: ImageMagick: Denial of Service via out-of-bounds write in XML parsing","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33899.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33899.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33899","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04515","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04486","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04409","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04485","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04446","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04425","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11639","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12406","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33899"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:22:04Z/"}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/commit/ae679e2fd19ec656bfab9f822ae4cf06bf91604d","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:22:04Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/commit/ae679e2fd19ec656bfab9f822ae4cf06bf91604d"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:22:04Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458026","reference_id":"2458026","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458026"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33899","reference_id":"CVE-2026-33899","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33899"},{"reference_url":"https://github.com/advisories/GHSA-cr67-pvmx-2pp2","reference_id":"GHSA-cr67-pvmx-2pp2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cr67-pvmx-2pp2"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cr67-pvmx-2pp2","reference_id":"GHSA-cr67-pvmx-2pp2","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:22:04Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cr67-pvmx-2pp2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026114?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1068118?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1054646?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1089407?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1068084?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.19%2Bdfsg1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.19%252Bdfsg1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1089408?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.21%2Bdfsg1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.21%252Bdfsg1-1"}],"aliases":["CVE-2026-33899","GHSA-cr67-pvmx-2pp2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w9zg-tsbg-afa1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/24594?format=json","vulnerability_id":"VCID-x8c6-9pse-xkc8","summary":"ImageMagick: Integer overflow in DIB coder can result in out of bounds read or write\nAn integer overflow in DIB coder can result in out of bounds read or write","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28693.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28693.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28693","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18648","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18595","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18515","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18798","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18744","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.19866","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20148","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20102","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20044","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20026","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.2003","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20029","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.19919","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.19914","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.19884","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.19789","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28693"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28693","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28693"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hffp-q43q-qq76","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-10T15:57:44Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hffp-q43q-qq76"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28693","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28693"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445888","reference_id":"2445888","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445888"},{"reference_url":"https://github.com/advisories/GHSA-hffp-q43q-qq76","reference_id":"GHSA-hffp-q43q-qq76","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hffp-q43q-qq76"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6713","reference_id":"RHSA-2026:6713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6713"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026114?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1026115?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1068118?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"}],"aliases":["CVE-2026-28693","GHSA-hffp-q43q-qq76"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x8c6-9pse-xkc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/24481?format=json","vulnerability_id":"VCID-y58b-be93-hbfd","summary":"ImageMagick: Write heap-buffer-overflow in PCL encoder via undersized output buffer\nA heap-buffer-overflow vulnerability exists in the PCL encode due to an undersized output buffer allocation.\n\n```\nWRITE of size 1 at 0x7e79f91f31a0 thread T0\n```","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28686.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28686.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28686","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04189","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04175","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04143","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04127","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04109","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05058","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04881","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04861","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04841","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.0479","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04799","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04944","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.0498","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05021","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05016","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05009","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28686"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28686","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28686"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-467j-76j7-5885","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T14:24:19Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-467j-76j7-5885"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28686","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28686"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445889","reference_id":"2445889","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445889"},{"reference_url":"https://github.com/advisories/GHSA-467j-76j7-5885","reference_id":"GHSA-467j-76j7-5885","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-467j-76j7-5885"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026114?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1026115?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1068118?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"}],"aliases":["CVE-2026-28686","GHSA-467j-76j7-5885"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y58b-be93-hbfd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21546?format=json","vulnerability_id":"VCID-zab9-9tqj-hbhg","summary":"ImageMagick: Memory allocation with excessive without limits in the internal SVG decoder\nA crafted SVG file containing an malicious element causes ImageMagick to attempt to allocate ~674 GB of memory, leading to an out-of-memory abort.\n\nFound via AFL++ fuzzing with afl-clang-lto instrumentation and AddressSanitizer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25985.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25985.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25985","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04827","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04745","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04773","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04767","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04782","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04815","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04792","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04961","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04955","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04916","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04879","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04734","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04725","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05242","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05291","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25985"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25985","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25985"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/commit/1a51eb9af00c36724660e294520878fd1f13e312","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick/commit/1a51eb9af00c36724660e294520878fd1f13e312"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v7g2-m8c5-mf84","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-28T02:05:38Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v7g2-m8c5-mf84"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25985","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25985"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442127","reference_id":"2442127","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442127"},{"reference_url":"https://github.com/advisories/GHSA-v7g2-m8c5-mf84","reference_id":"GHSA-v7g2-m8c5-mf84","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v7g2-m8c5-mf84"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5573","reference_id":"RHSA-2026:5573","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5573"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026114?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1026115?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1068118?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"}],"aliases":["CVE-2026-25985","GHSA-v7g2-m8c5-mf84"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zab9-9tqj-hbhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/23167?format=json","vulnerability_id":"VCID-zvq4-ybph-buga","summary":"ImageMagick has an Out-of-Bounds write of a zero byte in  its X11 display interaction\nAn out-of-bounds write of a zero byte exists in the X11 `display` interaction path that could lead to a crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33535.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33535.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33535","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0274","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02764","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02735","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02724","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0277","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02773","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02792","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02762","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02744","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04197","published_at":"2026-04-02T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00253","published_at":"2026-04-21T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00251","published_at":"2026-04-26T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00252","published_at":"2026-04-24T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00329","published_at":"2026-05-07T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00327","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33535","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33535"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mw3m-pqr2-qv7c","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T19:52:50Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mw3m-pqr2-qv7c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33535","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33535"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451855","reference_id":"2451855","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451855"},{"reference_url":"https://github.com/advisories/GHSA-mw3m-pqr2-qv7c","reference_id":"GHSA-mw3m-pqr2-qv7c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mw3m-pqr2-qv7c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026114?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1026115?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1068118?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1089398?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1054646?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1089407?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u8"}],"aliases":["CVE-2026-33535","GHSA-mw3m-pqr2-qv7c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zvq4-ybph-buga"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9"}