{"url":"http://public2.vulnerablecode.io/api/packages/70608?format=json","purl":"pkg:nuget/Magick.NET-Q16-OpenMP-x86@14.7.0","type":"nuget","namespace":"","name":"Magick.NET-Q16-OpenMP-x86","version":"14.7.0","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"14.10.2","latest_non_vulnerable_version":"14.11.1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29857?format=json","vulnerability_id":"VCID-6t7d-2hre-sqbw","summary":"ImageMagick has XMP profile write that triggers hang due to unbounded loop\n### Summary\nInfinite lines occur when writing during a specific XMP file conversion command\n### Details\n```\n#0  GetXmpNumeratorAndDenominator (denominator=<optimized out>, numerator=<optimized out>, value=<optimized out>) at MagickCore/profile.c:2578\n#1  GetXmpNumeratorAndDenominator (denominator=<synthetic pointer>, numerator=<synthetic pointer>, value=720000000000000) at MagickCore/profile.c:2564\n#2  SyncXmpProfile (image=image@entry=0x555555bb9ea0, profile=0x555555b9d020) at MagickCore/profile.c:2605\n#3  0x00005555555db5cf in SyncImageProfiles (image=image@entry=0x555555bb9ea0) at MagickCore/profile.c:2651\n#4  0x0000555555798d4f in WriteImage (image_info=image_info@entry=0x555555bc2050, image=image@entry=0x555555bb9ea0, exception=exception@entry=0x555555b7bea0) at MagickCore/constitute.c:1288\n#5  0x0000555555799862 in WriteImages (image_info=image_info@entry=0x555555bb69c0, images=<optimized out>, images@entry=0x555555bb9ea0, filename=<optimized out>, exception=0x555555b7bea0) at MagickCore/constitute.c:1575\n#6  0x00005555559650c4 in CLINoImageOperator (cli_wand=cli_wand@entry=0x555555b85790, option=option@entry=0x5555559beebe \"-write\", arg1n=arg1n@entry=0x7fffffffe2c7 \"a.mng\", arg2n=arg2n@entry=0x0) at MagickWand/operation.c:4993\n#7  0x0000555555974579 in CLIOption (cli_wand=cli_wand@entry=0x555555b85790, option=option@entry=0x5555559beebe 
\"-write\") at MagickWand/operation.c:5473\n#8  0x00005555559224aa in ProcessCommandOptions (cli_wand=cli_wand@entry=0x555555b85790, argc=argc@entry=3, argv=argv@entry=0x7fffffffdfa8, index=index@entry=1) at MagickWand/magick-cli.c:758\n#9  0x000055555592276d in MagickImageCommand (image_info=image_info@entry=0x555555b824a0, argc=argc@entry=3, argv=argv@entry=0x7fffffffdfa8, metadata=metadata@entry=0x7fffffffbc10, exception=exception@entry=0x555555b7bea0) at MagickWand/magick-cli.c:1392\n#10 0x00005555559216a0 in MagickCommandGenesis (image_info=image_info@entry=0x555555b824a0, command=command@entry=0x555555922640 <MagickImageCommand>, argc=argc@entry=3, argv=argv@entry=0x7fffffffdfa8, metadata=0x0, exception=exception@entry=0x555555b7bea0) at MagickWand/magick-cli.c:177\n#11 0x000055555559f76b in MagickMain (argc=3, argv=0x7fffffffdfa8) at utilities/magick.c:162\n#12 0x00007ffff700fd90 in __libc_start_call_main (main=main@entry=0x55555559aec0 <main>, argc=argc@entry=3, argv=argv@entry=0x7fffffffdfa8) at ../sysdeps/nptl/libc_start_call_main.h:58\n#13 0x00007ffff700fe40 in __libc_start_main_impl (main=0x55555559aec0 <main>, argc=3, argv=0x7fffffffdfa8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffdf98) at ../csu/libc-start.c:392\n#14 0x000055555559f535 in _start ()\n```\n```\nstatic void GetXmpNumeratorAndDenominator(double value,\n  unsigned long *numerator,unsigned long *denominator)\n{\n  double\n    df;\n\n  *numerator=0;\n  *denominator=1;\n  if (value <= MagickEpsilon)\n    return;\n  *numerator=1;\n  df=1.0;\n  while(fabs(df - value) > MagickEpsilon)\n  {\n    if (df < value)\n      (*numerator)++;\n    else\n      {\n        (*denominator)++;\n        *numerator=(unsigned long) (value*(*denominator));\n      }\n    df=*numerator/(double)*denominator;\n  }\n}\n```\nIn this code, the loop `while(fabs(df - value) > MagickEpsilon)` keeps repeating endlessly.\n\n### PoC\n`magick hang 
a.mng`\nhttps://drive.google.com/file/d/1iegkwlTjqnJTtM4XkiheYsjKsC6pxtId/view?usp=sharing\n\n### Impact\nXMP profile write triggers hang due to unbounded loop\n\n\n### credits\n**Team Pay1oad DVE** \n\n**Reporter** :  **Shinyoung Won** (with contributions from **WooJin Park, DongHa Lee, JungWoo Park, Woojin Jeon, Juwon Chae**, **Kyusang Han, JaeHun Gou**)\n\n**yosimich(@yosiimich**) **Shinyoung Won** of SSA Lab\n\ne-mail : [yosimich123@gmail.com]\n\n**Woojin Jeon**\n\nGitHub : brainoverflow\n\ne-mail : [root@brainoverflow.kr]\n\n**WooJin Park**\n\nGitHub : jin-156\n\ne-mail : [1203kids@gmail.com]\n\n**Who4mI(@GAP-dev) Lee DongHa of SSA Lab**\n\nGithub: GAP-dev\n\ne-mail : [ceo@zeropointer.co.kr]\n\n**JungWoo Park**\n\nGithub : JungWooJJING\n\ne-mail : [cuby5577@gmail.com]\n\n**Juwon Chae** \n\nGithub : I_mho\n\ne-mail : [wndnjs4698@naver.com]\n\n**Kyusang Han**\n\nGithub : T1deSEC\n\ne-mail : [hksjoe0081@gmail.com]\n\n**JaeHun Gou**\n\nGithub : P2GONE\n\ne-mail : [charly20@naver.com]\n\n### Commits\nFixed in: https://github.com/ImageMagick/ImageMagick/commit/229fa96a988a21d78318bbca61245a6ed1ee33a0 and 
https://github.com/ImageMagick/ImageMagick/commit/38631605e6ab744548a561797472cf8648bcfe26","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53015.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53015.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53015","reference_id":"","reference_type":"","scores":[{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.1786","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18108","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17948","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18161","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19707","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19715","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19818","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19805","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19802","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19829","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19887","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19931","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19922","published_at":"2026-04-09T12:55:00Z"
},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19674","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21033","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.20966","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21121","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53015"},{"reference_url":"https://drive.google.com/file/d/1iegkwlTjqnJTtM4XkiheYsjKsC6pxtId/view?usp=sharing","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-15T13:14:20Z/"}],"url":"https://drive.google.com/file/d/1iegkwlTjqnJTtM4XkiheYsjKsC6pxtId/view?usp=sharing"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.7.0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.7.0"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","
scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/commit/229fa96a988a21d78318bbca61245a6ed1ee33a0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick/commit/229fa96a988a21d78318bbca61245a6ed1ee33a0"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/commit/38631605e6ab744548a561797472cf8648bcfe26","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick/commit/38631605e6ab744548a561797472cf8648bcfe26"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vmhh-8rxq-fp9g","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-15T13:14:20Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vmhh-8rxq-fp9g"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-53015","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-53015"},{"reference_url":"https://bugs
.debian.org/cgi-bin/bugreport.cgi?bug=1109339","reference_id":"1109339","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109339"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2379948","reference_id":"2379948","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2379948"},{"reference_url":"https://github.com/advisories/GHSA-vmhh-8rxq-fp9g","reference_id":"GHSA-vmhh-8rxq-fp9g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vmhh-8rxq-fp9g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70608?format=json","purl":"pkg:nuget/Magick.NET-Q16-OpenMP-x86@14.7.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-OpenMP-x86@14.7.0"}],"aliases":["CVE-2025-53015","GHSA-vmhh-8rxq-fp9g"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6t7d-2hre-sqbw"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-OpenMP-x86@14.7.0"}