Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-2a7w-exv1-rkgj
Summary
ImageMagick has NULL pointer dereference in ReadSFWImage after DestroyImageInfo (sfw.c)
In `ReadSFWImage()` (`coders/sfw.c`), when temporary file creation fails, `read_info` is destroyed before its `filename` member is accessed, causing a NULL pointer dereference and crash.

```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1414421==ERROR: AddressSanitizer: UNKNOWN SIGNAL on unknown address 0x000000000000 (pc 0x56260222912f bp 0x7ffec0a193b0 sp 0x7ffec0a19360 T0)
Aliases
0
alias CVE-2026-25795
1
alias GHSA-p33r-fqw2-rqmm
Fixed_packages
0
url pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=aarch64&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=aarch64&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.15-r0%3Farch=aarch64&distroversion=v3.22&reponame=community
1
url pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=armhf&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=armhf&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.15-r0%3Farch=armhf&distroversion=v3.22&reponame=community
2
url pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=armv7&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=armv7&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.15-r0%3Farch=armv7&distroversion=v3.22&reponame=community
3
url pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=loongarch64&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=loongarch64&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.15-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community
4
url pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=ppc64le&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=ppc64le&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.15-r0%3Farch=ppc64le&distroversion=v3.22&reponame=community
5
url pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=riscv64&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=riscv64&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.15-r0%3Farch=riscv64&distroversion=v3.22&reponame=community
6
url pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=s390x&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=s390x&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.15-r0%3Farch=s390x&distroversion=v3.22&reponame=community
7
url pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86_64&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86_64&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.15-r0%3Farch=x86_64&distroversion=v3.22&reponame=community
8
url pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/imagemagick@7.1.2.15-r0?arch=x86&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/imagemagick@7.1.2.15-r0%3Farch=x86&distroversion=v3.22&reponame=community
9
url pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.3%2Bdeb11u10?distro=trixie
purl pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.3%2Bdeb11u10?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.3%252Bdeb11u10%3Fdistro=trixie
10
url pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.3%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.3%2Bdeb11u4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-axx3-j8e3-8qgv
1
vulnerability VCID-fxh3-2w92-8qch
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.3%252Bdeb11u4%3Fdistro=trixie
11
url pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u7?distro=trixie
purl pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u7?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u7%3Fdistro=trixie
12
url pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9?distro=trixie
purl pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fxh3-2w92-8qch
1
vulnerability VCID-va53-u4q9-pkfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9%3Fdistro=trixie
13
url pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u6?distro=trixie
purl pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u6%3Fdistro=trixie
14
url pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u8?distro=trixie
purl pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u8?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fxh3-2w92-8qch
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u8%3Fdistro=trixie
15
url pkg:deb/debian/imagemagick@8:7.1.2.15%2Bdfsg1-1?distro=trixie
purl pkg:deb/debian/imagemagick@8:7.1.2.15%2Bdfsg1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.15%252Bdfsg1-1%3Fdistro=trixie
16
url pkg:deb/debian/imagemagick@8:7.1.2.23%2Bdfsg1-1?distro=trixie
purl pkg:deb/debian/imagemagick@8:7.1.2.23%2Bdfsg1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.23%252Bdfsg1-1%3Fdistro=trixie
17
url pkg:deb/debian/imagemagick@8:7.1.2.24%2Bdfsg1-1?distro=trixie
purl pkg:deb/debian/imagemagick@8:7.1.2.24%2Bdfsg1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.24%252Bdfsg1-1%3Fdistro=trixie
18
url pkg:nuget/magick.net-q16-anycpu@14.10.3
purl pkg:nuget/magick.net-q16-anycpu@14.10.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q16-anycpu@14.10.3
19
url pkg:nuget/Magick.NET-Q16-AnyCPU@14.10.3
purl pkg:nuget/Magick.NET-Q16-AnyCPU@14.10.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-AnyCPU@14.10.3
20
url pkg:nuget/Magick.NET-Q16-arm64@14.10.3
purl pkg:nuget/Magick.NET-Q16-arm64@14.10.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-arm64@14.10.3
21
url pkg:nuget/magick.net-q16-hdri-anycpu@14.10.3
purl pkg:nuget/magick.net-q16-hdri-anycpu@14.10.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q16-hdri-anycpu@14.10.3
22
url pkg:nuget/Magick.NET-Q16-HDRI-AnyCPU@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-AnyCPU@14.10.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-AnyCPU@14.10.3
23
url pkg:nuget/Magick.NET-Q16-HDRI-arm64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-arm64@14.10.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-arm64@14.10.3
24
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-arm64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-arm64@14.10.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-arm64@14.10.3
25
url pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3
26
url pkg:nuget/Magick.NET-Q16-HDRI-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-x64@14.10.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-x64@14.10.3
27
url pkg:nuget/Magick.NET-Q16-HDRI-x86@14.10.3
purl pkg:nuget/Magick.NET-Q16-HDRI-x86@14.10.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-x86@14.10.3
28
url pkg:nuget/Magick.NET-Q16-OpenMP-arm64@14.10.3
purl pkg:nuget/Magick.NET-Q16-OpenMP-arm64@14.10.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-OpenMP-arm64@14.10.3
29
url pkg:nuget/Magick.NET-Q16-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q16-OpenMP-x64@14.10.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-OpenMP-x64@14.10.3
30
url pkg:nuget/Magick.NET-Q16-OpenMP-x86@14.10.3
purl pkg:nuget/Magick.NET-Q16-OpenMP-x86@14.10.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-OpenMP-x86@14.10.3
31
url pkg:nuget/Magick.NET-Q16-x86@14.10.3
purl pkg:nuget/Magick.NET-Q16-x86@14.10.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-x86@14.10.3
32
url pkg:nuget/magick.net-q8-anycpu@14.10.3
purl pkg:nuget/magick.net-q8-anycpu@14.10.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-anycpu@14.10.3
33
url pkg:nuget/Magick.NET-Q8-AnyCPU@14.10.3
purl pkg:nuget/Magick.NET-Q8-AnyCPU@14.10.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q8-AnyCPU@14.10.3
34
url pkg:nuget/Magick.NET-Q8-arm64@14.10.3
purl pkg:nuget/Magick.NET-Q8-arm64@14.10.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q8-arm64@14.10.3
35
url pkg:nuget/Magick.NET-Q8-OpenMP-arm64@14.10.3
purl pkg:nuget/Magick.NET-Q8-OpenMP-arm64@14.10.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q8-OpenMP-arm64@14.10.3
36
url pkg:nuget/magick.net-q8-openmp-x64@14.10.3
purl pkg:nuget/magick.net-q8-openmp-x64@14.10.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.10.3
37
url pkg:nuget/Magick.NET-Q8-OpenMP-x64@14.10.3
purl pkg:nuget/Magick.NET-Q8-OpenMP-x64@14.10.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q8-OpenMP-x64@14.10.3
38
url pkg:nuget/magick.net-q8-x64@14.10.3
purl pkg:nuget/magick.net-q8-x64@14.10.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-x64@14.10.3
39
url pkg:nuget/Magick.NET-Q8-x64@14.10.3
purl pkg:nuget/Magick.NET-Q8-x64@14.10.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q8-x64@14.10.3
40
url pkg:nuget/Magick.NET-Q8-x86@14.10.3
purl pkg:nuget/Magick.NET-Q8-x86@14.10.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q8-x86@14.10.3
Affected_packages
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25795.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25795.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25795
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.06025
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25795
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
4
reference_url https://github.com/ImageMagick/ImageMagick
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick
5
reference_url https://github.com/ImageMagick/ImageMagick/commit/332c1566acc2de77857032d3c2504ead6210ff50
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/332c1566acc2de77857032d3c2504ead6210ff50
6
reference_url https://github.com/ImageMagick/ImageMagick/commit/55c344f4b514213642da41194bab57b4476fb9f5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/55c344f4b514213642da41194bab57b4476fb9f5
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442099
reference_id 2442099
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442099
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25795
reference_id CVE-2026-25795
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25795
9
reference_url https://github.com/advisories/GHSA-p33r-fqw2-rqmm
reference_id GHSA-p33r-fqw2-rqmm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p33r-fqw2-rqmm
10
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p33r-fqw2-rqmm
reference_id GHSA-p33r-fqw2-rqmm
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T15:07:57Z/
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p33r-fqw2-rqmm
11
reference_url https://usn.ubuntu.com/8127-1/
reference_id USN-8127-1
reference_type
scores
url https://usn.ubuntu.com/8127-1/
12
reference_url https://usn.ubuntu.com/8263-1/
reference_id USN-8263-1
reference_type
scores
url https://usn.ubuntu.com/8263-1/
Weaknesses
0
cwe_id 476
name NULL Pointer Dereference
description A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score4.0 - 6.9
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-2a7w-exv1-rkgj