{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50311?format=json","vulnerability_id":"VCID-5e5g-55d6-3yev","summary":"ImageMagick: Memory allocation with excessive without limits in the internal SVG decoder\nA crafted SVG file containing an malicious element causes ImageMagick to attempt to allocate ~674 GB of memory, leading to an out-of-memory abort.\n\nFound via AFL++ fuzzing with afl-clang-lto instrumentation and AddressSanitizer.","aliases":[{"alias":"CVE-2026-25985"},{"alias":"GHSA-v7g2-m8c5-mf84"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/99005?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.3%2Bdeb11u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hr11-5edt-5ugu"},{"vulnerability":"VCID-z5ve-fkb6-8yhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.3%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99326?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.3%2Bdeb11u11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.3%252Bdeb11u11%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99325?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99003?format=json","purl":"pkg:deb/debian/imagemagick@8:6.9.11.60%2Bdfsg-1.6%2Bdeb12u9?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-z5ve-fkb6-8yhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:6.9.11.60%252Bdfsg-1.6%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99324?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99008?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.1.43%2Bdfsg1-1%2Bdeb13u8?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-z5ve-fkb6-8yhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.1.43%252Bdfsg1-1%252Bdeb13u8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99323?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.15%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.15%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99006?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.23%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.23%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99007?format=json","purl":"pkg:deb/debian/imagemagick@8:7.1.2.24%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imagemagick@8:7.1.2.24%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/74226?format=json","purl":"pkg:nuget/magick.net-q16-anycpu@14.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q16-anycpu@14.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/111864?format=json","purl":"pkg:nuget/Magick.NET-Q16-AnyCPU@14.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-AnyCPU@14.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/74207?format=json","purl":"pkg:nuget/Magick.NET-Q16-arm64@14.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-arm64@14.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/74211?format=json","purl":"pkg:nuget/magick.net-q16-hdri-anycpu@14.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q16-hdri-anycpu@14.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/111865?format=json","purl":"pkg:nuget/Magick.NET-Q16-HDRI-AnyCPU@14.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-AnyCPU@14.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/74217?format=json","purl":"pkg:nuget/Magick.NET-Q16-HDRI-arm64@14.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-arm64@14.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/74219?format=json","purl":"pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-arm64@14.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-arm64@14.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/74206?format=json","purl":"pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-OpenMP-x64@14.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/74213?format=json","purl":"pkg:nuget/Magick.NET-Q16-HDRI-x64@14.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-x64@14.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/74221?format=json","purl":"pkg:nuget/Magick.NET-Q16-HDRI-x86@14.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-HDRI-x86@14.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/74209?format=json","purl":"pkg:nuget/Magick.NET-Q16-OpenMP-arm64@14.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-OpenMP-arm64@14.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/74215?format=json","purl":"pkg:nuget/Magick.NET-Q16-OpenMP-x64@14.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-OpenMP-x64@14.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/74220?format=json","purl":"pkg:nuget/Magick.NET-Q16-OpenMP-x86@14.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-OpenMP-x86@14.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/74224?format=json","purl":"pkg:nuget/magick.net-q16-x64@14.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q16-x64@14.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/111866?format=json","purl":"pkg:nuget/Magick.NET-Q16-x64@14.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-x64@14.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/74218?format=json","purl":"pkg:nuget/Magick.NET-Q16-x86@14.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-x86@14.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/74223?format=json","purl":"pkg:nuget/magick.net-q8-anycpu@14.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-anycpu@14.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/111870?format=json","purl":"pkg:nuget/Magick.NET-Q8-AnyCPU@14.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q8-AnyCPU@14.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/74212?format=json","purl":"pkg:nuget/Magick.NET-Q8-arm64@14.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q8-arm64@14.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/74225?format=json","purl":"pkg:nuget/Magick.NET-Q8-OpenMP-arm64@14.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q8-OpenMP-arm64@14.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/74208?format=json","purl":"pkg:nuget/magick.net-q8-openmp-x64@14.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-openmp-x64@14.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/111875?format=json","purl":"pkg:nuget/Magick.NET-Q8-OpenMP-x64@14.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q8-OpenMP-x64@14.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/74216?format=json","purl":"pkg:nuget/magick.net-q8-x64@14.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/magick.net-q8-x64@14.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/111876?format=json","purl":"pkg:nuget/Magick.NET-Q8-x64@14.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q8-x64@14.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/74214?format=json","purl":"pkg:nuget/Magick.NET-Q8-x86@14.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q8-x86@14.10.3"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93618?format=json","purl":"pkg:rpm/redhat/ImageMagick@6.9.10.68-13?arch=el7_9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5e5g-55d6-3yev"},{"vulnerability":"VCID-u59k-v6pm-qud3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ImageMagick@6.9.10.68-13%3Farch=el7_9"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25985.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25985.json"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3"},{"reference_url":"https://github.com/ImageMagick/ImageMagick","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/commit/1a51eb9af00c36724660e294520878fd1f13e312","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick/commit/1a51eb9af00c36724660e294520878fd1f13e312"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442127","reference_id":"2442127","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442127"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25985","reference_id":"CVE-2026-25985","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25985"},{"reference_url":"https://github.com/advisories/GHSA-v7g2-m8c5-mf84","reference_id":"GHSA-v7g2-m8c5-mf84","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-v7g2-m8c5-mf84"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v7g2-m8c5-mf84","reference_id":"GHSA-v7g2-m8c5-mf84","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v7g2-m8c5-mf84"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5573","reference_id":"RHSA-2026:5573","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5573"}],"weaknesses":[{"cwe_id":770,"name":"Allocation of Resources Without Limits or Throttling","description":"The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor."},{"cwe_id":789,"name":"Memory Allocation with Excessive Size Value","description":"The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":"0.5","weighted_severity":"8.0","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5e5g-55d6-3yev"}