Lookup for vulnerable packages by Package URL.

Purl pkg:nuget/Magick.NET-Q16-OpenMP-x86@14.7.0
Type nuget
Namespace
Name Magick.NET-Q16-OpenMP-x86
Version 14.7.0
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 14.10.2
Latest_non_vulnerable_version 14.11.1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-6t7d-2hre-sqbw
vulnerability_id VCID-6t7d-2hre-sqbw
summary
ImageMagick has XMP profile write that triggers hang due to unbounded loop
### Summary
An infinite loop occurs when writing during a specific XMP file conversion command.
### Details
```
#0  GetXmpNumeratorAndDenominator (denominator=<optimized out>, numerator=<optimized out>, value=<optimized out>) at MagickCore/profile.c:2578
#1  GetXmpNumeratorAndDenominator (denominator=<synthetic pointer>, numerator=<synthetic pointer>, value=720000000000000) at MagickCore/profile.c:2564
#2  SyncXmpProfile (image=image@entry=0x555555bb9ea0, profile=0x555555b9d020) at MagickCore/profile.c:2605
#3  0x00005555555db5cf in SyncImageProfiles (image=image@entry=0x555555bb9ea0) at MagickCore/profile.c:2651
#4  0x0000555555798d4f in WriteImage (image_info=image_info@entry=0x555555bc2050, image=image@entry=0x555555bb9ea0, exception=exception@entry=0x555555b7bea0) at MagickCore/constitute.c:1288
#5  0x0000555555799862 in WriteImages (image_info=image_info@entry=0x555555bb69c0, images=<optimized out>, images@entry=0x555555bb9ea0, filename=<optimized out>, exception=0x555555b7bea0) at MagickCore/constitute.c:1575
#6  0x00005555559650c4 in CLINoImageOperator (cli_wand=cli_wand@entry=0x555555b85790, option=option@entry=0x5555559beebe "-write", arg1n=arg1n@entry=0x7fffffffe2c7 "a.mng", arg2n=arg2n@entry=0x0) at MagickWand/operation.c:4993
#7  0x0000555555974579 in CLIOption (cli_wand=cli_wand@entry=0x555555b85790, option=option@entry=0x5555559beebe "-write") at MagickWand/operation.c:5473
#8  0x00005555559224aa in ProcessCommandOptions (cli_wand=cli_wand@entry=0x555555b85790, argc=argc@entry=3, argv=argv@entry=0x7fffffffdfa8, index=index@entry=1) at MagickWand/magick-cli.c:758
#9  0x000055555592276d in MagickImageCommand (image_info=image_info@entry=0x555555b824a0, argc=argc@entry=3, argv=argv@entry=0x7fffffffdfa8, metadata=metadata@entry=0x7fffffffbc10, exception=exception@entry=0x555555b7bea0) at MagickWand/magick-cli.c:1392
#10 0x00005555559216a0 in MagickCommandGenesis (image_info=image_info@entry=0x555555b824a0, command=command@entry=0x555555922640 <MagickImageCommand>, argc=argc@entry=3, argv=argv@entry=0x7fffffffdfa8, metadata=0x0, exception=exception@entry=0x555555b7bea0) at MagickWand/magick-cli.c:177
#11 0x000055555559f76b in MagickMain (argc=3, argv=0x7fffffffdfa8) at utilities/magick.c:162
#12 0x00007ffff700fd90 in __libc_start_call_main (main=main@entry=0x55555559aec0 <main>, argc=argc@entry=3, argv=argv@entry=0x7fffffffdfa8) at ../sysdeps/nptl/libc_start_call_main.h:58
#13 0x00007ffff700fe40 in __libc_start_main_impl (main=0x55555559aec0 <main>, argc=3, argv=0x7fffffffdfa8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffdf98) at ../csu/libc-start.c:392
#14 0x000055555559f535 in _start ()
```
```
static void GetXmpNumeratorAndDenominator(double value,
  unsigned long *numerator,unsigned long *denominator)
{
  double
    df;

  *numerator=0;
  *denominator=1;
  if (value <= MagickEpsilon)
    return;
  *numerator=1;
  df=1.0;
  while(fabs(df - value) > MagickEpsilon)
  {
    if (df < value)
      (*numerator)++;
    else
      {
        (*denominator)++;
        *numerator=(unsigned long) (value*(*denominator));
      }
    df=*numerator/(double)*denominator;
  }
}
```
In this code, the loop `while(fabs(df - value) > MagickEpsilon)` keeps repeating endlessly.

### PoC
`magick hang a.mng`
https://drive.google.com/file/d/1iegkwlTjqnJTtM4XkiheYsjKsC6pxtId/view?usp=sharing

### Impact
XMP profile write triggers hang due to unbounded loop


### Credits
**Team Pay1oad DVE** 

**Reporter** :  **Shinyoung Won** (with contributions from **WooJin Park, DongHa Lee, JungWoo Park, Woojin Jeon, Juwon Chae**, **Kyusang Han, JaeHun Gou**)

**yosimich(@yosiimich) Shinyoung Won of SSA Lab**

e-mail : [yosimich123@gmail.com]

**Woojin Jeon**

GitHub : brainoverflow

e-mail : [root@brainoverflow.kr]

**WooJin Park**

GitHub : jin-156

e-mail : [1203kids@gmail.com]

**Who4mI(@GAP-dev) Lee DongHa of SSA Lab**

Github: GAP-dev

e-mail : [ceo@zeropointer.co.kr]

**JungWoo Park**

Github : JungWooJJING

e-mail : [cuby5577@gmail.com]

**Juwon Chae** 

Github : I_mho

e-mail : [wndnjs4698@naver.com]

**Kyusang Han**

Github : T1deSEC

e-mail : [hksjoe0081@gmail.com]

**JaeHun Gou**

Github : P2GONE

e-mail : [charly20@naver.com]

### Commits
Fixed in: https://github.com/ImageMagick/ImageMagick/commit/229fa96a988a21d78318bbca61245a6ed1ee33a0 and https://github.com/ImageMagick/ImageMagick/commit/38631605e6ab744548a561797472cf8648bcfe26
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53015.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53015.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-53015
reference_id
reference_type
scores
0
value 0.00057
scoring_system epss
scoring_elements 0.1786
published_at 2026-04-07T12:55:00Z
1
value 0.00057
scoring_system epss
scoring_elements 0.18108
published_at 2026-04-02T12:55:00Z
2
value 0.00057
scoring_system epss
scoring_elements 0.17948
published_at 2026-04-08T12:55:00Z
3
value 0.00057
scoring_system epss
scoring_elements 0.18161
published_at 2026-04-04T12:55:00Z
4
value 0.00064
scoring_system epss
scoring_elements 0.19707
published_at 2026-04-26T12:55:00Z
5
value 0.00064
scoring_system epss
scoring_elements 0.19715
published_at 2026-04-24T12:55:00Z
6
value 0.00064
scoring_system epss
scoring_elements 0.19818
published_at 2026-04-21T12:55:00Z
7
value 0.00064
scoring_system epss
scoring_elements 0.19805
published_at 2026-04-18T12:55:00Z
8
value 0.00064
scoring_system epss
scoring_elements 0.19802
published_at 2026-04-16T12:55:00Z
9
value 0.00064
scoring_system epss
scoring_elements 0.19829
published_at 2026-04-13T12:55:00Z
10
value 0.00064
scoring_system epss
scoring_elements 0.19887
published_at 2026-04-12T12:55:00Z
11
value 0.00064
scoring_system epss
scoring_elements 0.19931
published_at 2026-04-11T12:55:00Z
12
value 0.00064
scoring_system epss
scoring_elements 0.19922
published_at 2026-04-09T12:55:00Z
13
value 0.00064
scoring_system epss
scoring_elements 0.19674
published_at 2026-04-29T12:55:00Z
14
value 0.00069
scoring_system epss
scoring_elements 0.21033
published_at 2026-05-07T12:55:00Z
15
value 0.00069
scoring_system epss
scoring_elements 0.20966
published_at 2026-05-05T12:55:00Z
16
value 0.00069
scoring_system epss
scoring_elements 0.21121
published_at 2026-05-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-53015
2
reference_url https://drive.google.com/file/d/1iegkwlTjqnJTtM4XkiheYsjKsC6pxtId/view?usp=sharing
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-15T13:14:20Z/
url https://drive.google.com/file/d/1iegkwlTjqnJTtM4XkiheYsjKsC6pxtId/view?usp=sharing
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.7.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.7.0
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/commit/229fa96a988a21d78318bbca61245a6ed1ee33a0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/229fa96a988a21d78318bbca61245a6ed1ee33a0
7
reference_url https://github.com/ImageMagick/ImageMagick/commit/38631605e6ab744548a561797472cf8648bcfe26
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/38631605e6ab744548a561797472cf8648bcfe26
8
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vmhh-8rxq-fp9g
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-15T13:14:20Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vmhh-8rxq-fp9g
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-53015
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-53015
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109339
reference_id 1109339
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109339
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2379948
reference_id 2379948
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2379948
12
reference_url https://github.com/advisories/GHSA-vmhh-8rxq-fp9g
reference_id GHSA-vmhh-8rxq-fp9g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vmhh-8rxq-fp9g
fixed_packages
0
url pkg:nuget/Magick.NET-Q16-OpenMP-x86@14.7.0
purl pkg:nuget/Magick.NET-Q16-OpenMP-x86@14.7.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-OpenMP-x86@14.7.0
aliases CVE-2025-53015, GHSA-vmhh-8rxq-fp9g
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6t7d-2hre-sqbw
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-OpenMP-x86@14.7.0