{"url":"http://public2.vulnerablecode.io/api/packages/74576?format=json","purl":"pkg:nuget/magick.net-q8-openmp-x64@14.10.4","type":"nuget","namespace":"","name":"magick.net-q8-openmp-x64","version":"14.10.4","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50890?format=json","vulnerability_id":"VCID-9fpb-ch9j-8yg3","summary":"ImageMagick has Heap Use-After-Free in ImageMagick MSL decoder\nA heap use-after-free vulnerability in ImageMagick's MSL decoder allows an attacker to trigger access to freed memory by crafting an MSL file.\n\n```\n=================================================================\n==1500633==ERROR: AddressSanitizer: heap-use-after-free on address 0x527000011550 at pc 0x5612583fa212 bp 0x7ffedb86d160 sp 0x7ffedb86d150\nREAD of size 8 at 0x527000011550 thread T0\n```","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28687.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28687.json"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445897","reference_id":"2445897","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445897"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28687","reference_id":"CVE-2026-28687","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28687"},{"reference_url":"https://github.com/advisories/GHSA-fpvf-frm6-625q","reference_id":"GHSA-fpvf-frm6-625q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fpvf-frm6-625q"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fpvf-frm6-625q","reference_id":"GHSA-fpvf-frm6-625q","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fpvf-frm6-625q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74576?format=json","purl":"pkg:nuget/magick.net-q8-openmp-x64@14.10.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.10.4"}],"aliases":["CVE-2026-28687","GHSA-fpvf-frm6-625q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9fpb-ch9j-8yg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50892?format=json","vulnerability_id":"VCID-e59v-wtp4-v7ev","summary":"ImageMagick: Write heap-buffer-overflow in PCL encoder via undersized output buffer\nA heap-buffer-overflow vulnerability exists in the PCL encode due to an undersized output buffer allocation.\n\n```\nWRITE of size 1 at 0x7e79f91f31a0 thread T0\n```","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28686.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28686.json"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445889","reference_id":"2445889","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445889"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28686","reference_id":"CVE-2026-28686","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28686"},{"reference_url":"https://github.com/advisories/GHSA-467j-76j7-5885","reference_id":"GHSA-467j-76j7-5885","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-467j-76j7-5885"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-467j-76j7-5885","reference_id":"GHSA-467j-76j7-5885","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-467j-76j7-5885"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74576?format=json","purl":"pkg:nuget/magick.net-q8-openmp-x64@14.10.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.10.4"}],"aliases":["CVE-2026-28686","GHSA-467j-76j7-5885"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e59v-wtp4-v7ev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50786?format=json","vulnerability_id":"VCID-j589-992a-jfa7","summary":"ImageMagick has a Path Policy TOCTOU symlink race bypass\n`domain=\"path\"` authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28689.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28689.json"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445891","reference_id":"2445891","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445891"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28689","reference_id":"CVE-2026-28689","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28689"},{"reference_url":"https://github.com/advisories/GHSA-493f-jh8w-qhx3","reference_id":"GHSA-493f-jh8w-qhx3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-493f-jh8w-qhx3"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-493f-jh8w-qhx3","reference_id":"GHSA-493f-jh8w-qhx3","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-493f-jh8w-qhx3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74576?format=json","purl":"pkg:nuget/magick.net-q8-openmp-x64@14.10.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.10.4"}],"aliases":["CVE-2026-28689","GHSA-493f-jh8w-qhx3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j589-992a-jfa7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50908?format=json","vulnerability_id":"VCID-m8u5-3zy6-zyh8","summary":"ImageMagick has heap use-after-free in the MSL encoder\nA heap-use-after-free vulnerability exists in the MSL encoder, where a cloned image is destroyed twice. The MSL coder does not support writing MSL so the write capability has been removed.\n\n```\nSUMMARY: AddressSanitizer: heap-use-after-free MagickCore/image.c:1195 in DestroyImage\nShadow bytes around the buggy address:\n0x0a4e80007450: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\n0x0a4e80007460: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\n0x0a4e80007470: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\n0x0a4e80007480: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\n0x0a4e80007490: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\n=>0x0a4e800074a0: fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd\n0x0a4e800074b0: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa\n0x0a4e800074c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n0x0a4e800074d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n0x0a4e800074e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n0x0a4e800074f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n```","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28688.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28688.json"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445877","reference_id":"2445877","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445877"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28688","reference_id":"CVE-2026-28688","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28688"},{"reference_url":"https://github.com/advisories/GHSA-xxw5-m53x-j38c","reference_id":"GHSA-xxw5-m53x-j38c","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xxw5-m53x-j38c"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xxw5-m53x-j38c","reference_id":"GHSA-xxw5-m53x-j38c","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xxw5-m53x-j38c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74576?format=json","purl":"pkg:nuget/magick.net-q8-openmp-x64@14.10.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.10.4"}],"aliases":["CVE-2026-28688","GHSA-xxw5-m53x-j38c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m8u5-3zy6-zyh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50785?format=json","vulnerability_id":"VCID-nfr9-r9x3-4ugt","summary":"ImageMagick has a heap buffer over-read via 32-bit integer overflow in MAT decoder\nIn MAT decoder uses 32-bit arithmetic due to incorrect parenthesization resulting in a heap over-read.\n\n```\n=================================================================\n==969652==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x506000003b40 at pc 0x555557b2a926 bp 0x7fffffff4c80 sp 0x7fffffff4c70\nREAD of size 8 at 0x506000003b40 thread T0\n```","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28692.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28692.json"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445890","reference_id":"2445890","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445890"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28692","reference_id":"CVE-2026-28692","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28692"},{"reference_url":"https://github.com/advisories/GHSA-mrmj-x24c-wwcv","reference_id":"GHSA-mrmj-x24c-wwcv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mrmj-x24c-wwcv"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mrmj-x24c-wwcv","reference_id":"GHSA-mrmj-x24c-wwcv","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mrmj-x24c-wwcv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74576?format=json","purl":"pkg:nuget/magick.net-q8-openmp-x64@14.10.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.10.4"}],"aliases":["CVE-2026-28692","GHSA-mrmj-x24c-wwcv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nfr9-r9x3-4ugt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50906?format=json","vulnerability_id":"VCID-nxzm-r956-pbfy","summary":"ImageMagick has Integer Overflow leading to out of bounds write in SIXEL decoder\nAn integer overflow vulnerability exists in the SIXEL decoer. The vulnerability allows an attacker to perform an out of bounds via a specially crafted mage.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28493.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28493.json"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445883","reference_id":"2445883","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445883"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28493","reference_id":"CVE-2026-28493","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28493"},{"reference_url":"https://github.com/advisories/GHSA-r39q-jr8h-gcq2","reference_id":"GHSA-r39q-jr8h-gcq2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-r39q-jr8h-gcq2"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r39q-jr8h-gcq2","reference_id":"GHSA-r39q-jr8h-gcq2","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r39q-jr8h-gcq2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74576?format=json","purl":"pkg:nuget/magick.net-q8-openmp-x64@14.10.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.10.4"}],"aliases":["CVE-2026-28493","GHSA-r39q-jr8h-gcq2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nxzm-r956-pbfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50881?format=json","vulnerability_id":"VCID-t7w8-fz8u-zud8","summary":"ImageMagick has stack buffer overflow in MagnifyImage\nMagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30929.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30929.json"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445896","reference_id":"2445896","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445896"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30929","reference_id":"CVE-2026-30929","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30929"},{"reference_url":"https://github.com/advisories/GHSA-rqq8-jh93-f4vg","reference_id":"GHSA-rqq8-jh93-f4vg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rqq8-jh93-f4vg"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rqq8-jh93-f4vg","reference_id":"GHSA-rqq8-jh93-f4vg","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rqq8-jh93-f4vg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74576?format=json","purl":"pkg:nuget/magick.net-q8-openmp-x64@14.10.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.10.4"}],"aliases":["CVE-2026-30929","GHSA-rqq8-jh93-f4vg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t7w8-fz8u-zud8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50787?format=json","vulnerability_id":"VCID-vk9r-ve4j-w7g2","summary":"ImageMagick is vulnerable to heap buffer over-write on 32-bit systems in SFW decoder\nAn overflow on  32-bit systems can cause a crash in the SFW decoder when processing extremely large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31853.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31853.json"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2446690","reference_id":"2446690","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2446690"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31853","reference_id":"CVE-2026-31853","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31853"},{"reference_url":"https://github.com/advisories/GHSA-56jp-jfqg-f8f4","reference_id":"GHSA-56jp-jfqg-f8f4","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-56jp-jfqg-f8f4"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-56jp-jfqg-f8f4","reference_id":"GHSA-56jp-jfqg-f8f4","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-56jp-jfqg-f8f4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74576?format=json","purl":"pkg:nuget/magick.net-q8-openmp-x64@14.10.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.10.4"}],"aliases":["CVE-2026-31853","GHSA-56jp-jfqg-f8f4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vk9r-ve4j-w7g2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50784?format=json","vulnerability_id":"VCID-xuxk-mcdm-q3fr","summary":"ImageMagick is vulnerable to Heap Overflow when writing extremely large image profile in the PNG encoder\nAn extremely large image profile could result in a heap overflow when encoding a PNG image.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30883.json","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30883.json"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445878","reference_id":"2445878","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445878"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30883","reference_id":"CVE-2026-30883","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30883"},{"reference_url":"https://github.com/advisories/GHSA-qmw5-2p58-xvrc","reference_id":"GHSA-qmw5-2p58-xvrc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qmw5-2p58-xvrc"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qmw5-2p58-xvrc","reference_id":"GHSA-qmw5-2p58-xvrc","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qmw5-2p58-xvrc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74576?format=json","purl":"pkg:nuget/magick.net-q8-openmp-x64@14.10.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.10.4"}],"aliases":["CVE-2026-30883","GHSA-qmw5-2p58-xvrc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xuxk-mcdm-q3fr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50883?format=json","vulnerability_id":"VCID-zt1v-dckb-gbh3","summary":"ImageMagick has uninitialized pointer dereference in JBIG decoder\nAn uninitialized pointer dereference vulnerability exists in the JBIG decoder due to a missing check.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28691.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28691.json"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.4"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445902","reference_id":"2445902","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445902"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28691","reference_id":"CVE-2026-28691","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28691"},{"reference_url":"https://github.com/advisories/GHSA-wj8w-pjxf-9g4f","reference_id":"GHSA-wj8w-pjxf-9g4f","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wj8w-pjxf-9g4f"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wj8w-pjxf-9g4f","reference_id":"GHSA-wj8w-pjxf-9g4f","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wj8w-pjxf-9g4f"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6713","reference_id":"RHSA-2026:6713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6713"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74576?format=json","purl":"pkg:nuget/magick.net-q8-openmp-x64@14.10.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.10.4"}],"aliases":["CVE-2026-28691","GHSA-wj8w-pjxf-9g4f"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zt1v-dckb-gbh3"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.10.4"}