{"url":"http://public2.vulnerablecode.io/api/packages/62232?format=json","purl":"pkg:nuget/Magick.NET-Q16-OpenMP-x86@14.10.2","type":"nuget","namespace":"","name":"Magick.NET-Q16-OpenMP-x86","version":"14.10.2","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"14.10.3","latest_non_vulnerable_version":"14.11.1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20782?format=json","vulnerability_id":"VCID-569d-6nue-5kbq","summary":"ImageMagick releases an invalid pointer in BilateralBlur when memory allocation fails\nThe BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But the last element in the set is not properly initialized. This will result in a release of an invalid pointer inside DestroyBilateralTLS when the memory allocation fails.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22770.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22770.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22770","reference_id":"","reference_type":"","scores":[{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20822","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20855","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20898","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.21028","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20743","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20883","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20613","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20647","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20651","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.2077","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20785","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20793","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20803","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.2097","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22770"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/commit/3e0330721020e0c5bb52e4b77c347527dd71658e","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T20:05:17Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/commit/3e0330721020e0c5bb52e4b77c347527dd71658e"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-39h3-g67r-7g3c","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T20:05:17Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-39h3-g67r-7g3c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22770","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22770"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126074","reference_id":"1126074","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126074"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431037","reference_id":"2431037","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431037"},{"reference_url":"https://github.com/advisories/GHSA-39h3-g67r-7g3c","reference_id":"GHSA-39h3-g67r-7g3c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-39h3-g67r-7g3c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62232?format=json","purl":"pkg:nuget/Magick.NET-Q16-OpenMP-x86@14.10.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-OpenMP-x86@14.10.2"}],"aliases":["CVE-2026-22770","GHSA-39h3-g67r-7g3c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-569d-6nue-5kbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20741?format=json","vulnerability_id":"VCID-6meg-yjby-a7gj","summary":"ImageMagick has a Memory Leak in LoadOpenCLDeviceBenchmark() when parsing malformed XML\n### Summary\n\nA memory leak vulnerability exists in the `LoadOpenCLDeviceBenchmark()` function in `MagickCore/opencl.c`. When parsing a malformed OpenCL device profile XML file that contains `<device` elements without proper `/>` closing tags, the function fails to release allocated memory for string members (`platform_name`, `vendor_name`, `name`, `version`), leading to memory leaks that could result in resource exhaustion.\n\n**Affected Version**: ImageMagick 7.1.2-12 and possibly earlier versions\n\n---\n\n### Details\n\nThe vulnerability is located in `MagickCore/opencl.c`, function `LoadOpenCLDeviceBenchmark()` (lines 754-911).\n\n**Root Cause Analysis:**\n\n1. When a `<device` tag is encountered, a `MagickCLDeviceBenchmark` structure is allocated (line 807-812)\n2. String attributes (`platform`, `vendor`, `name`, `version`) are allocated via `ConstantString()` (lines 878, 885, 898, 900)\n3. These strings are **only freed** when a `/>` closing tag is encountered (lines 840-849)\n4. At function exit (lines 908-910), only the `device_benchmark` structure is freed, but **its member variables are not freed** if `/>` was never parsed\n\n**Vulnerable Code (lines 908-910):**\n\n```c\ntoken=(char *) RelinquishMagickMemory(token);\ndevice_benchmark=(MagickCLDeviceBenchmark *) RelinquishMagickMemory(\n  device_benchmark);  // BUG: members (platform_name, vendor_name, name, version) not freed!\n```\n\n**Correct cleanup (only executed when `/>` is found, lines 840-849):**\n\n```c\ndevice_benchmark->platform_name=(char *) RelinquishMagickMemory(device_benchmark->platform_name);\ndevice_benchmark->vendor_name=(char *) RelinquishMagickMemory(device_benchmark->vendor_name);\ndevice_benchmark->name=(char *) RelinquishMagickMemory(device_benchmark->name);\ndevice_benchmark->version=(char *) RelinquishMagickMemory(device_benchmark->version);\ndevice_benchmark=(MagickCLDeviceBenchmark *) RelinquishMagickMemory(device_benchmark);\n```\n\n---\n\n### PoC\n\n**Environment:**\n- OS: Ubuntu 22.04.5 LTS (Linux 6.8.0-87-generic x86_64)\n- Compiler: GCC 11.4.0\n- ImageMagick: 7.1.2-13 (commit `a52c1b402be08ef8ae193f28ac5b2e120f2fa26f`)\n\n**Step 1: Build ImageMagick with AddressSanitizer**\n\n```bash\ncd ImageMagick\n./configure \\\n    CFLAGS=\"-g -O0 -fsanitize=address -fno-omit-frame-pointer\" \\\n    CXXFLAGS=\"-g -O0 -fsanitize=address -fno-omit-frame-pointer\" \\\n    LDFLAGS=\"-fsanitize=address\" \\\n    --disable-openmp\nmake -j$(nproc)\n```\n\n**Step 2: Create malformed XML file**\n\n**Step 3: Place file in OpenCL cache directory**\n\n```bash\nmkdir -p ~/.cache/ImageMagick\ncp malformed_opencl_profile.xml ~/.cache/ImageMagick/ImagemagickOpenCLDeviceProfile.xml\n```\n\n**Step 4: Run ImageMagick with leak detection**\n\n```bash\nexport ASAN_OPTIONS=\"detect_leaks=1:symbolize=1\"\n./utilities/magick -size 100x100 xc:red output.png\n```\n\n**ASAN Output:**\n\n```\n=================================================================\n==2543490==ERROR: LeakSanitizer: detected memory leaks\n\nDirect leak of 96 byte(s) in 2 object(s) allocated from:\n    #0 ... in AcquireMagickMemory MagickCore/memory.c:536\n    #1 ... in LoadOpenCLDeviceBenchmark MagickCore/opencl.c:807\n\nDirect leak of 16 byte(s) in 1 object(s) allocated from:\n    #0 ... in ConstantString MagickCore/string.c:692\n    #1 ... in LoadOpenCLDeviceBenchmark MagickCore/opencl.c:878  ← name\n\nDirect leak of 14 byte(s) in 1 object(s) allocated from:\n    #0 ... in ConstantString MagickCore/string.c:692\n    #1 ... in LoadOpenCLDeviceBenchmark MagickCore/opencl.c:885  ← platform_name\n\nDirect leak of 14 byte(s) in 1 object(s) allocated from:\n    #0 ... in ConstantString MagickCore/string.c:692\n    #1 ... in LoadOpenCLDeviceBenchmark MagickCore/opencl.c:898  ← vendor_name\n\nDirect leak of 15 byte(s) in 1 object(s) allocated from:\n    #0 ... in ConstantString MagickCore/string.c:692\n    #1 ... in LoadOpenCLDeviceBenchmark MagickCore/opencl.c:900  ← version\n\nSUMMARY: AddressSanitizer: 203 byte(s) leaked in 18 allocation(s).\n```\n\n---\n\n### Impact\n\n**Vulnerability Type:** CWE-401 (Missing Release of Memory after Effective Lifetime)\n\n**Severity:** Low\n\n**Who is impacted:**\n- Users who have OpenCL enabled in ImageMagick\n- Systems where an attacker can place or modify files in the OpenCL cache directory (`~/.cache/ImageMagick/`)\n- Long-running ImageMagick processes or services that repeatedly initialize OpenCL\n\n**Potential consequences:**\n- Memory exhaustion over time if the malformed configuration is repeatedly loaded\n- Denial of Service (DoS) in resource-constrained environments\n\n**Attack Vector:** Local - requires write access to the user's OpenCL cache directory","references":[{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp59-x883-77qv","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp59-x883-77qv"},{"reference_url":"https://github.com/advisories/GHSA-qp59-x883-77qv","reference_id":"GHSA-qp59-x883-77qv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qp59-x883-77qv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62232?format=json","purl":"pkg:nuget/Magick.NET-Q16-OpenMP-x86@14.10.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-OpenMP-x86@14.10.2"}],"aliases":["GHSA-qp59-x883-77qv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6meg-yjby-a7gj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20601?format=json","vulnerability_id":"VCID-h221-qd8d-tqa5","summary":"ImageMagick has a NULL pointer dereference in MSL parser via <comment> tag before image load\n## Summary\n\nNULL pointer dereference in MSL (Magick Scripting Language) parser when processing `<comment>` tag before any image is loaded.\n\n## Version\n\n- ImageMagick 7.x (tested on current main branch)\n- Commit: HEAD\n\n## Steps to Reproduce\n\n### Method 1: Using ImageMagick directly\n\n```bash\nmagick MSL:poc.msl out.png\n```\n\n### Method 2: Using OSS-Fuzz reproduce\n\n```bash\npython3 infra/helper.py build_fuzzers imagemagick\npython3 infra/helper.py reproduce imagemagick msl_fuzzer poc.msl\n```\n\nOr run the fuzzer directly:\n```bash\n./msl_fuzzer poc.msl\n```\n\n## Expected Behavior\n\nImageMagick should handle the malformed MSL gracefully and return an error message.\n\n## Actual Behavior\n\n```\nconvert: MagickCore/property.c:297: MagickBooleanType DeleteImageProperty(Image *, const char *): Assertion `image != (Image *) NULL' failed.\nAborted\n```\n\n## Root Cause Analysis\n\nIn `coders/msl.c:7091`, `MSLEndElement()` calls `DeleteImageProperty()` on `msl_info->image[n]` when handling the `</comment>` end tag without checking if the image is NULL:\n\n```c\nif (LocaleCompare((const char *) tag,\"comment\") == 0 )\n  {\n    (void) DeleteImageProperty(msl_info->image[n],\"comment\");  // No NULL check\n    ...\n  }\n```\n\nWhen `<comment>` appears before any `<read>` operation, `msl_info->image[n]` is NULL, causing the assertion failure in `DeleteImageProperty()` at `property.c:297`.\n\n## Impact\n\n- **DoS**: Crash via assertion failure (debug builds) or NULL pointer dereference (release builds)\n- **Affected**: Any application using ImageMagick to process user-supplied MSL files\n\n## Fuzzer\n\nThis issue was discovered using a custom MSL fuzzer:\n\n```cpp\n#include <cstdint>\n#include <Magick++/Blob.h>\n#include <Magick++/Image.h>\n#include \"utils.cc\"\n\nextern \"C\" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)\n{\n  if (IsInvalidSize(Size))\n    return(0);\n  try\n  {\n    const Magick::Blob blob(Data, Size);\n    Magick::Image image;\n    image.magick(\"MSL\");\n    image.fileName(\"MSL:\");\n    image.read(blob);\n  }\n  catch (Magick::Exception)\n  {\n  }\n  return(0);\n}\n```\n\nThis issue was found by Team FuzzingBrain @ Texas A&M University","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23952.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23952.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23952","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05768","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05762","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05726","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05576","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05553","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0559","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05615","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05586","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0569","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05517","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05525","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05569","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23952"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23952","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23952"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-22T21:43:24Z/"}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-22T21:43:24Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126077","reference_id":"1126077","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126077"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431905","reference_id":"2431905","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431905"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23952","reference_id":"CVE-2026-23952","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23952"},{"reference_url":"https://github.com/advisories/GHSA-5vx3-wx4q-6cj8","reference_id":"GHSA-5vx3-wx4q-6cj8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5vx3-wx4q-6cj8"},{"reference_url":"https://usn.ubuntu.com/8127-1/","reference_id":"USN-8127-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8127-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62232?format=json","purl":"pkg:nuget/Magick.NET-Q16-OpenMP-x86@14.10.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-OpenMP-x86@14.10.2"}],"aliases":["CVE-2026-23952","GHSA-5vx3-wx4q-6cj8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h221-qd8d-tqa5"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-OpenMP-x86@14.10.2"}