{"url":"http://public2.vulnerablecode.io/api/packages/925373?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.3%2Bdeb11u9?distro=trixie","type":"deb","namespace":"debian","name":"imagemagick","version":"8:6.9.11.60+dfsg-1.3+deb11u9","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"8:6.9.11.60+dfsg-1.3+deb11u10","latest_non_vulnerable_version":"8:7.1.2.21+dfsg1-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20601?format=json","vulnerability_id":"VCID-h221-qd8d-tqa5","summary":"ImageMagick has a NULL pointer dereference in MSL parser via <comment> tag before image load\n## Summary\n\nNULL pointer dereference in MSL (Magick Scripting Language) parser when processing `<comment>` tag before any image is loaded.\n\n## Version\n\n- ImageMagick 7.x (tested on current main branch)\n- Commit: HEAD\n\n## Steps to Reproduce\n\n### Method 1: Using ImageMagick directly\n\n```bash\nmagick MSL:poc.msl out.png\n```\n\n### Method 2: Using OSS-Fuzz reproduce\n\n```bash\npython3 infra/helper.py build_fuzzers imagemagick\npython3 infra/helper.py reproduce imagemagick msl_fuzzer poc.msl\n```\n\nOr run the fuzzer directly:\n```bash\n./msl_fuzzer poc.msl\n```\n\n## Expected Behavior\n\nImageMagick should handle the malformed MSL gracefully and return an error message.\n\n## Actual Behavior\n\n```\nconvert: MagickCore/property.c:297: MagickBooleanType DeleteImageProperty(Image *, const char *): Assertion `image != (Image *) NULL' failed.\nAborted\n```\n\n## Root Cause Analysis\n\nIn `coders/msl.c:7091`, `MSLEndElement()` calls `DeleteImageProperty()` on `msl_info->image[n]` when handling the `</comment>` end tag without checking if the image is NULL:\n\n```c\nif (LocaleCompare((const char *) tag,\"comment\") == 0 )\n  {\n    (void) DeleteImageProperty(msl_info->image[n],\"comment\");  // No NULL check\n    ...\n  }\n```\n\nWhen `<comment>` appears before any `<read>` operation, `msl_info->image[n]` is NULL, causing the assertion failure in `DeleteImageProperty()` at `property.c:297`.\n\n## Impact\n\n- **DoS**: Crash via assertion failure (debug builds) or NULL pointer dereference (release builds)\n- **Affected**: Any application using ImageMagick to process user-supplied MSL files\n\n## Fuzzer\n\nThis issue was discovered using a custom MSL fuzzer:\n\n```cpp\n#include <cstdint>\n#include <Magick++/Blob.h>\n#include <Magick++/Image.h>\n#include \"utils.cc\"\n\nextern \"C\" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)\n{\n  if (IsInvalidSize(Size))\n    return(0);\n  try\n  {\n    const Magick::Blob blob(Data, Size);\n    Magick::Image image;\n    image.magick(\"MSL\");\n    image.fileName(\"MSL:\");\n    image.read(blob);\n  }\n  catch (Magick::Exception)\n  {\n  }\n  return(0);\n}\n```\n\nThis issue was found by Team FuzzingBrain @ Texas A&M University","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23952.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23952.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23952","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05853","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0559","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05615","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05586","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05576","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05569","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05525","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0569","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05726","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05762","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05768","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05776","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05517","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05553","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23952"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23952","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23952"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-22T21:43:24Z/"}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-22T21:43:24Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126077","reference_id":"1126077","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126077"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431905","reference_id":"2431905","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431905"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23952","reference_id":"CVE-2026-23952","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23952"},{"reference_url":"https://github.com/advisories/GHSA-5vx3-wx4q-6cj8","reference_id":"GHSA-5vx3-wx4q-6cj8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5vx3-wx4q-6cj8"},{"reference_url":"https://usn.ubuntu.com/8127-1/","reference_id":"USN-8127-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8127-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/925284?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.3%2Bdeb11u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eb4u-x1mt-2uan"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-xftn-a3dv-muda"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.3%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925373?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.3%2Bdeb11u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.3%252Bdeb11u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925282?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-xftn-a3dv-muda"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925372?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925287?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2yv5-qdeg-9bag"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-4s37-h3p7-6uab"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-xftn-a3dv-muda"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925371?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.13%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.13%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925285?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.16%2Bdfsg1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.16%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925286?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.18%2Bdfsg1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2yv5-qdeg-9bag"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-4s37-h3p7-6uab"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-xftn-a3dv-muda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.18%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067546?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.19%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.19%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1102945?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.21%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.21%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2026-23952","GHSA-5vx3-wx4q-6cj8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h221-qd8d-tqa5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64959?format=json","vulnerability_id":"VCID-nvp5-dpj6-byda","summary":"ImageMagick: ImageMagick: Arbitrary code execution via a crafted XBM image file","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23876.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23876.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23876","reference_id":"","reference_type":"","scores":[{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25301","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.24948","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25153","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25062","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.2505","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25004","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.24882","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25343","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25121","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.2519","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25235","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25249","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25208","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25154","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25164","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23876"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23876","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23876"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126076","reference_id":"1126076","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126076"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431038","reference_id":"2431038","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431038"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/commit/2fae24192b78fdfdd27d766fd21d90aeac6ea8b8","reference_id":"2fae24192b78fdfdd27d766fd21d90aeac6ea8b8","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-21T04:55:22Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/commit/2fae24192b78fdfdd27d766fd21d90aeac6ea8b8"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r49w-jqq3-3gx8","reference_id":"GHSA-r49w-jqq3-3gx8","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-21T04:55:22Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r49w-jqq3-3gx8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3058","reference_id":"RHSA-2026:3058","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3058"},{"reference_url":"https://usn.ubuntu.com/8021-1/","reference_id":"USN-8021-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8021-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/925284?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.3%2Bdeb11u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eb4u-x1mt-2uan"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-xftn-a3dv-muda"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.3%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925373?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.3%2Bdeb11u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.3%252Bdeb11u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925282?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-xftn-a3dv-muda"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925372?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925287?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2yv5-qdeg-9bag"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-4s37-h3p7-6uab"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-xftn-a3dv-muda"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925371?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.13%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.13%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925285?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.16%2Bdfsg1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.16%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925286?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.18%2Bdfsg1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2yv5-qdeg-9bag"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-4s37-h3p7-6uab"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-xftn-a3dv-muda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.18%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067546?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.19%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.19%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1102945?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.21%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.21%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2026-23876"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nvp5-dpj6-byda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20141?format=json","vulnerability_id":"VCID-vaks-d4k5-zue7","summary":"ImageMagick MSL: Stack overflow via infinite recursion in ProcessMSLScript\n## Summary\n\nStack overflow via infinite recursion in MSL (Magick Scripting Language) `<write>` command when writing to MSL format.\n\n## Version\n\n- ImageMagick 7.x (tested on current main branch)\n- Commit: HEAD\n- Requires: libxml2 support (for MSL parsing)\n\n## Steps to Reproduce\n\n### Method 1: Using ImageMagick directly\n\n```bash\nmagick MSL:recursive.msl out.png\n```\n\n### Method 2: Using OSS-Fuzz reproduce\n\n```bash\npython3 infra/helper.py build_fuzzers imagemagick\npython3 infra/helper.py reproduce imagemagick msl_fuzzer recursive.msl\n```\n\nOr run the fuzzer directly:\n```bash\n./msl_fuzzer recursive.msl\n```\n\n## Expected Behavior\n\nImageMagick should handle recursive MSL references gracefully by detecting the loop and returning an error.\n\n## Actual Behavior\n\nStack overflow causes process crash:\n\n```\nAddressSanitizer:DEADLYSIGNAL\n==PID==ERROR: AddressSanitizer: stack-overflow\n    #0 MSLStartElement /src/imagemagick/coders/msl.c:7045\n    #1 xmlParseStartTag /src/libxml2/parser.c\n    #2 xmlParseChunk /src/libxml2/parser.c:11273\n    #3 ProcessMSLScript /src/imagemagick/coders/msl.c:7405\n    #4 WriteMSLImage /src/imagemagick/coders/msl.c:7867\n    #5 WriteImage /src/imagemagick/MagickCore/constitute.c:1346\n    #6 MSLStartElement /src/imagemagick/coders/msl.c:7045\n    ... (infinite recursion, 287+ frames)\n```\n\n## Root Cause Analysis\n\nIn `coders/msl.c`, the `<write>` command handler in `MSLStartElement()` (line ~7045) calls `WriteImage()`. When the output filename specifies MSL format (`msl:filename`), `WriteMSLImage()` is called, which parses the MSL file again via `ProcessMSLScript()`.\n\nIf the MSL file references itself (directly or indirectly), this creates an infinite recursion loop:\n\n```\nMSLStartElement() → WriteImage() → WriteMSLImage() → ProcessMSLScript()\n    → xmlParseChunk() → MSLStartElement() → ... (infinite loop)\n```\n\n## Impact\n\n- **DoS**: Guaranteed crash via stack exhaustion\n- **Affected**: Any application using ImageMagick to process user-supplied MSL files\n\n## Additional Trigger Paths\n\nThe `<read>` command can also trigger recursion:\n\nIndirect recursion is also possible (a.msl → b.msl → a.msl).\n\n## Fuzzer\n\nThis issue was discovered using a custom MSL fuzzer:\n\n```cpp\n#include <cstdint>\n#include <Magick++/Blob.h>\n#include <Magick++/Image.h>\n#include \"utils.cc\"\n\nextern \"C\" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)\n{\n  if (IsInvalidSize(Size))\n    return(0);\n  try\n  {\n    const Magick::Blob blob(Data, Size);\n    Magick::Image image;\n    image.magick(\"MSL\");\n    image.fileName(\"MSL:\");\n    image.read(blob);\n  }\n  catch (Magick::Exception)\n  {\n  }\n  return(0);\n}\n```\n\nThis issue was found by Team FuzzingBrain @ Texas A&M University","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23874.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23874.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23874","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05309","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05134","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.0515","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05125","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05108","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05093","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05041","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05046","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05194","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05225","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05267","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05271","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.0526","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05051","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.0508","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05101","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23874"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23874","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23874"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9vj4-wc7r-p844","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-20T21:37:11Z/"}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9vj4-wc7r-p844"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23874","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23874"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126075","reference_id":"1126075","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126075"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431034","reference_id":"2431034","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431034"},{"reference_url":"https://github.com/advisories/GHSA-9vj4-wc7r-p844","reference_id":"GHSA-9vj4-wc7r-p844","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9vj4-wc7r-p844"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/925284?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.3%2Bdeb11u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eb4u-x1mt-2uan"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-xftn-a3dv-muda"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.3%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925373?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.3%2Bdeb11u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.3%252Bdeb11u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925282?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cpn-zvem-v7gt"},{"vulnerability":"VCID-2zje-ag2v-7kac"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-54da-fzyt-4ud2"},{"vulnerability":"VCID-6h7x-3rue-kucp"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-cuhw-ew1g-s3h2"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-g41y-dv8u-3yf1"},{"vulnerability":"VCID-g679-q851-xub7"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-jcjk-s89c-mbbm"},{"vulnerability":"VCID-n47w-r932-abey"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-r3vw-ncns-cqgb"},{"vulnerability":"VCID-rbdg-vz8x-ykah"},{"vulnerability":"VCID-rjkf-pdny-2fhn"},{"vulnerability":"VCID-sw7g-hxxr-n3e1"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-tv15-dcnu-pbbn"},{"vulnerability":"VCID-utfe-h3b7-jqcj"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-x8c6-9pse-xkc8"},{"vulnerability":"VCID-xftn-a3dv-muda"},{"vulnerability":"VCID-y58b-be93-hbfd"},{"vulnerability":"VCID-zab9-9tqj-hbhg"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925372?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925287?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2yv5-qdeg-9bag"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-4s37-h3p7-6uab"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-a2qm-vkc3-qkd5"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-xftn-a3dv-muda"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925371?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.13%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.13%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925285?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.16%2Bdfsg1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jc5m-7rvc-2qg6"},{"vulnerability":"VCID-tt6z-t31v-dkdd"},{"vulnerability":"VCID-zvq4-ybph-buga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.16%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/925286?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.18%2Bdfsg1-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2yv5-qdeg-9bag"},{"vulnerability":"VCID-381g-7gdr-qydg"},{"vulnerability":"VCID-441f-z9bp-vbdu"},{"vulnerability":"VCID-4s37-h3p7-6uab"},{"vulnerability":"VCID-6v1d-1wfr-vqd1"},{"vulnerability":"VCID-7gb9-gd78-7bdu"},{"vulnerability":"VCID-eeju-vhdm-aqbe"},{"vulnerability":"VCID-egwu-28fp-dye6"},{"vulnerability":"VCID-j6tc-f4fc-mbcv"},{"vulnerability":"VCID-qjxn-gm96-7ygc"},{"vulnerability":"VCID-uvkp-1zss-57gr"},{"vulnerability":"VCID-w9zg-tsbg-afa1"},{"vulnerability":"VCID-xftn-a3dv-muda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.18%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067546?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.19%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.19%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1102945?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.21%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.21%252Bdfsg1-1%3Fdistro=trixie"}],"aliases":["CVE-2026-23874","GHSA-9vj4-wc7r-p844"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vaks-d4k5-zue7"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.3%252Bdeb11u9%3Fdistro=trixie"}