Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/ImageMagick@6.9.10.68-13?arch=el7_9
Typerpm
Namespaceredhat
NameImageMagick
Version6.9.10.68-13
Qualifiers
arch el7_9
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-gdg8-aejn-83c4
vulnerability_id VCID-gdg8-aejn-83c4
summary 
ImageMagick: Policy bypass through path traversal allows reading restricted content despite secured policy
ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/* can be bypassed by a path traversal. The OS resolves the traversal and opens the sensitive file, but the policy matcher only sees the unnormalized path and therefore allows the read. This enables local file disclosure (LFI) even when policy-secure.xml is applied.

Actions to prevent reading from files have been taken. But it make sure writing is also not possible the following should be added to your policy:

```
<policy domain="path" rights="none" pattern="*../*"/>
```

And this will also be included in the project's more secure policies by default.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25965.json
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25965.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25965
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.05005
published_at 2026-05-07T12:55:00Z
1
value 0.00018
scoring_system epss
scoring_elements 0.04369
published_at 2026-04-07T12:55:00Z
2
value 0.00018
scoring_system epss
scoring_elements 0.04402
published_at 2026-04-08T12:55:00Z
3
value 0.00018
scoring_system epss
scoring_elements 0.04419
published_at 2026-04-09T12:55:00Z
4
value 0.00018
scoring_system epss
scoring_elements 0.04413
published_at 2026-04-11T12:55:00Z
5
value 0.00018
scoring_system epss
scoring_elements 0.04398
published_at 2026-04-12T12:55:00Z
6
value 0.00018
scoring_system epss
scoring_elements 0.04382
published_at 2026-04-13T12:55:00Z
7
value 0.00018
scoring_system epss
scoring_elements 0.04348
published_at 2026-04-16T12:55:00Z
8
value 0.00018
scoring_system epss
scoring_elements 0.04357
published_at 2026-04-18T12:55:00Z
9
value 0.00018
scoring_system epss
scoring_elements 0.04488
published_at 2026-04-21T12:55:00Z
10
value 0.00018
scoring_system epss
scoring_elements 0.04515
published_at 2026-04-24T12:55:00Z
11
value 0.00018
scoring_system epss
scoring_elements 0.04535
published_at 2026-04-26T12:55:00Z
12
value 0.00018
scoring_system epss
scoring_elements 0.04578
published_at 2026-04-29T12:55:00Z
13
value 0.00018
scoring_system epss
scoring_elements 0.04956
published_at 2026-05-05T12:55:00Z
14
value 0.00018
scoring_system epss
scoring_elements 0.04359
published_at 2026-04-04T12:55:00Z
15
value 0.00047
scoring_system epss
scoring_elements 0.14614
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25965
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25965
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25965
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8jvj-p28h-9gm7
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T15:28:41Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8jvj-p28h-9gm7
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25965
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25965
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442118
reference_id 2442118
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442118
9
reference_url https://github.com/advisories/GHSA-8jvj-p28h-9gm7
reference_id GHSA-8jvj-p28h-9gm7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8jvj-p28h-9gm7
10
reference_url https://access.redhat.com/errata/RHSA-2026:5573
reference_id RHSA-2026:5573
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5573
fixed_packages
aliases CVE-2026-25965, GHSA-8jvj-p28h-9gm7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gdg8-aejn-83c4
1
url VCID-zab9-9tqj-hbhg
vulnerability_id VCID-zab9-9tqj-hbhg
summary 
ImageMagick: Memory allocation with excessive without limits in the internal SVG decoder
A crafted SVG file containing an malicious element causes ImageMagick to attempt to allocate ~674 GB of memory, leading to an out-of-memory abort.

Found via AFL++ fuzzing with afl-clang-lto instrumentation and AddressSanitizer.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25985.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25985.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25985
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.04827
published_at 2026-04-09T12:55:00Z
1
value 0.00018
scoring_system epss
scoring_elements 0.04745
published_at 2026-04-02T12:55:00Z
2
value 0.00018
scoring_system epss
scoring_elements 0.04773
published_at 2026-04-13T12:55:00Z
3
value 0.00018
scoring_system epss
scoring_elements 0.04767
published_at 2026-04-04T12:55:00Z
4
value 0.00018
scoring_system epss
scoring_elements 0.04782
published_at 2026-04-07T12:55:00Z
5
value 0.00018
scoring_system epss
scoring_elements 0.04815
published_at 2026-04-11T12:55:00Z
6
value 0.00018
scoring_system epss
scoring_elements 0.04792
published_at 2026-04-12T12:55:00Z
7
value 0.00018
scoring_system epss
scoring_elements 0.04961
published_at 2026-04-29T12:55:00Z
8
value 0.00018
scoring_system epss
scoring_elements 0.04955
published_at 2026-04-26T12:55:00Z
9
value 0.00018
scoring_system epss
scoring_elements 0.04916
published_at 2026-04-24T12:55:00Z
10
value 0.00018
scoring_system epss
scoring_elements 0.04879
published_at 2026-04-21T12:55:00Z
11
value 0.00018
scoring_system epss
scoring_elements 0.04734
published_at 2026-04-18T12:55:00Z
12
value 0.00018
scoring_system epss
scoring_elements 0.04725
published_at 2026-04-16T12:55:00Z
13
value 0.00019
scoring_system epss
scoring_elements 0.05242
published_at 2026-05-05T12:55:00Z
14
value 0.00019
scoring_system epss
scoring_elements 0.05291
published_at 2026-05-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25985
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25985
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25985
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
5
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
6
reference_url https://github.com/ImageMagick/ImageMagick/commit/1a51eb9af00c36724660e294520878fd1f13e312
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/1a51eb9af00c36724660e294520878fd1f13e312
7
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v7g2-m8c5-mf84
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-28T02:05:38Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v7g2-m8c5-mf84
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25985
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25985
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442127
reference_id 2442127
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442127
10
reference_url https://github.com/advisories/GHSA-v7g2-m8c5-mf84
reference_id GHSA-v7g2-m8c5-mf84
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v7g2-m8c5-mf84
11
reference_url https://access.redhat.com/errata/RHSA-2026:5573
reference_id RHSA-2026:5573
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5573
fixed_packages
aliases CVE-2026-25985, GHSA-v7g2-m8c5-mf84
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zab9-9tqj-hbhg
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ImageMagick@6.9.10.68-13%3Farch=el7_9