Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-v8sf-9pty-aqh4
Vulnerability ID VCID-v8sf-9pty-aqh4
Aliases GHSA-wgxp-q8xq-wpp9
Summary ImageMagick: Malicious PCD files trigger 1‑byte heap Out-of-bounds Read and DoS The PCD coder’s DecodeImage loop allows a crafted PCD file to trigger a 1‑byte heap out-of-bounds read when decoding an image (Denial of service) and potential disclosure of adjacent heap byte.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-125 Out-of-bounds Read
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
There are no known severity scores.
Reference id Reference type URL
https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
https://github.com/ImageMagick/ImageMagick
https://github.com/ImageMagick/ImageMagick/commit/436e5d2589e3c0adc10d9aa189e81d5d088d8207
GHSA-wgxp-q8xq-wpp9 https://github.com/advisories/GHSA-wgxp-q8xq-wpp9
GHSA-wgxp-q8xq-wpp9 https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wgxp-q8xq-wpp9
No exploits are available.
There are no known vectors.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-02T04:50:44.601416+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/magick.net-q16-hdri-anycpu/GHSA-wgxp-q8xq-wpp9.yml 38.6.0