Skip to content

Commit 439ad36

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-8vfj-q2cp-5m5j GHSA-fcpv-w245-r2q7 GHSA-hw5x-4r37-72w7 GHSA-jq2f-59pj-p3m3 GHSA-pmpg-6pww-fg6q GHSA-pq96-pwvg-vrr9 GHSA-x928-4434-crqj
1 parent 95a5659 commit 439ad36

File tree

7 files changed

+1379
-0
lines changed

7 files changed

+1379
-0
lines changed

advisories/github-reviewed/2026/04/GHSA-8vfj-q2cp-5m5j/GHSA-8vfj-q2cp-5m5j.json

Lines changed: 378 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,378 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-8vfj-q2cp-5m5j",
4+
"modified": "2026-04-14T23:32:22Z",
5+
"published": "2026-04-14T23:32:22Z",
6+
"aliases": [],
7+
"summary": "ImageMagick has a heap buffer overflow read in magnify operation via unrecognized magnify:method value",
8+
"details": "An unrecognized magnify:method will result in an out of bounds read in the magnify operation.\n\n```\n==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61a000000b30\nREAD of size 4 at 0x61a000000b30 thread T0\n```",
9+
"severity": [
10+
{
11+
"type": "CVSS_V3",
12+
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
13+
}
14+
],
15+
"affected": [
16+
{
17+
"package": {
18+
"ecosystem": "NuGet",
19+
"name": "Magick.NET-Q16-AnyCPU"
20+
},
21+
"ranges": [
22+
{
23+
"type": "ECOSYSTEM",
24+
"events": [
25+
{
26+
"introduced": "0"
27+
},
28+
{
29+
"fixed": "14.20.0"
30+
}
31+
]
32+
}
33+
]
34+
},
35+
{
36+
"package": {
37+
"ecosystem": "NuGet",
38+
"name": "Magick.NET-Q16-HDRI-AnyCPU"
39+
},
40+
"ranges": [
41+
{
42+
"type": "ECOSYSTEM",
43+
"events": [
44+
{
45+
"introduced": "0"
46+
},
47+
{
48+
"fixed": "14.20.0"
49+
}
50+
]
51+
}
52+
]
53+
},
54+
{
55+
"package": {
56+
"ecosystem": "NuGet",
57+
"name": "Magick.NET-Q16-HDRI-OpenMP-arm64"
58+
},
59+
"ranges": [
60+
{
61+
"type": "ECOSYSTEM",
62+
"events": [
63+
{
64+
"introduced": "0"
65+
},
66+
{
67+
"fixed": "14.20.0"
68+
}
69+
]
70+
}
71+
]
72+
},
73+
{
74+
"package": {
75+
"ecosystem": "NuGet",
76+
"name": "Magick.NET-Q16-HDRI-arm64"
77+
},
78+
"ranges": [
79+
{
80+
"type": "ECOSYSTEM",
81+
"events": [
82+
{
83+
"introduced": "0"
84+
},
85+
{
86+
"fixed": "14.20.0"
87+
}
88+
]
89+
}
90+
]
91+
},
92+
{
93+
"package": {
94+
"ecosystem": "NuGet",
95+
"name": "Magick.NET-Q16-HDRI-x64"
96+
},
97+
"ranges": [
98+
{
99+
"type": "ECOSYSTEM",
100+
"events": [
101+
{
102+
"introduced": "0"
103+
},
104+
{
105+
"fixed": "14.20.0"
106+
}
107+
]
108+
}
109+
]
110+
},
111+
{
112+
"package": {
113+
"ecosystem": "NuGet",
114+
"name": "Magick.NET-Q16-HDRI-x86"
115+
},
116+
"ranges": [
117+
{
118+
"type": "ECOSYSTEM",
119+
"events": [
120+
{
121+
"introduced": "0"
122+
},
123+
{
124+
"fixed": "14.20.0"
125+
}
126+
]
127+
}
128+
]
129+
},
130+
{
131+
"package": {
132+
"ecosystem": "NuGet",
133+
"name": "Magick.NET-Q16-OpenMP-arm64"
134+
},
135+
"ranges": [
136+
{
137+
"type": "ECOSYSTEM",
138+
"events": [
139+
{
140+
"introduced": "0"
141+
},
142+
{
143+
"fixed": "14.20.0"
144+
}
145+
]
146+
}
147+
]
148+
},
149+
{
150+
"package": {
151+
"ecosystem": "NuGet",
152+
"name": "Magick.NET-Q16-OpenMP-x64"
153+
},
154+
"ranges": [
155+
{
156+
"type": "ECOSYSTEM",
157+
"events": [
158+
{
159+
"introduced": "0"
160+
},
161+
{
162+
"fixed": "14.20.0"
163+
}
164+
]
165+
}
166+
]
167+
},
168+
{
169+
"package": {
170+
"ecosystem": "NuGet",
171+
"name": "Magick.NET-Q16-arm64"
172+
},
173+
"ranges": [
174+
{
175+
"type": "ECOSYSTEM",
176+
"events": [
177+
{
178+
"introduced": "0"
179+
},
180+
{
181+
"fixed": "14.20.0"
182+
}
183+
]
184+
}
185+
]
186+
},
187+
{
188+
"package": {
189+
"ecosystem": "NuGet",
190+
"name": "Magick.NET-Q16-x64"
191+
},
192+
"ranges": [
193+
{
194+
"type": "ECOSYSTEM",
195+
"events": [
196+
{
197+
"introduced": "0"
198+
},
199+
{
200+
"fixed": "14.20.0"
201+
}
202+
]
203+
}
204+
]
205+
},
206+
{
207+
"package": {
208+
"ecosystem": "NuGet",
209+
"name": "Magick.NET-Q16-x86"
210+
},
211+
"ranges": [
212+
{
213+
"type": "ECOSYSTEM",
214+
"events": [
215+
{
216+
"introduced": "0"
217+
},
218+
{
219+
"fixed": "14.20.0"
220+
}
221+
]
222+
}
223+
]
224+
},
225+
{
226+
"package": {
227+
"ecosystem": "NuGet",
228+
"name": "Magick.NET-Q16-HDRI-OpenMP-x64"
229+
},
230+
"ranges": [
231+
{
232+
"type": "ECOSYSTEM",
233+
"events": [
234+
{
235+
"introduced": "0"
236+
},
237+
{
238+
"fixed": "14.20.0"
239+
}
240+
]
241+
}
242+
]
243+
},
244+
{
245+
"package": {
246+
"ecosystem": "NuGet",
247+
"name": "Magick.NET-Q8-AnyCPU"
248+
},
249+
"ranges": [
250+
{
251+
"type": "ECOSYSTEM",
252+
"events": [
253+
{
254+
"introduced": "0"
255+
},
256+
{
257+
"fixed": "14.20.0"
258+
}
259+
]
260+
}
261+
]
262+
},
263+
{
264+
"package": {
265+
"ecosystem": "NuGet",
266+
"name": "Magick.NET-Q8-OpenMP-arm64"
267+
},
268+
"ranges": [
269+
{
270+
"type": "ECOSYSTEM",
271+
"events": [
272+
{
273+
"introduced": "0"
274+
},
275+
{
276+
"fixed": "14.20.0"
277+
}
278+
]
279+
}
280+
]
281+
},
282+
{
283+
"package": {
284+
"ecosystem": "NuGet",
285+
"name": "Magick.NET-Q8-OpenMP-x64"
286+
},
287+
"ranges": [
288+
{
289+
"type": "ECOSYSTEM",
290+
"events": [
291+
{
292+
"introduced": "0"
293+
},
294+
{
295+
"fixed": "14.20.0"
296+
}
297+
]
298+
}
299+
]
300+
},
301+
{
302+
"package": {
303+
"ecosystem": "NuGet",
304+
"name": "Magick.NET-Q8-arm64"
305+
},
306+
"ranges": [
307+
{
308+
"type": "ECOSYSTEM",
309+
"events": [
310+
{
311+
"introduced": "0"
312+
},
313+
{
314+
"fixed": "14.20.0"
315+
}
316+
]
317+
}
318+
]
319+
},
320+
{
321+
"package": {
322+
"ecosystem": "NuGet",
323+
"name": "Magick.NET-Q8-x64"
324+
},
325+
"ranges": [
326+
{
327+
"type": "ECOSYSTEM",
328+
"events": [
329+
{
330+
"introduced": "0"
331+
},
332+
{
333+
"fixed": "14.20.0"
334+
}
335+
]
336+
}
337+
]
338+
},
339+
{
340+
"package": {
341+
"ecosystem": "NuGet",
342+
"name": "Magick.NET-Q8-x86"
343+
},
344+
"ranges": [
345+
{
346+
"type": "ECOSYSTEM",
347+
"events": [
348+
{
349+
"introduced": "0"
350+
},
351+
{
352+
"fixed": "14.20.0"
353+
}
354+
]
355+
}
356+
]
357+
}
358+
],
359+
"references": [
360+
{
361+
"type": "WEB",
362+
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8vfj-q2cp-5m5j"
363+
},
364+
{
365+
"type": "PACKAGE",
366+
"url": "https://github.com/ImageMagick/ImageMagick"
367+
}
368+
],
369+
"database_specific": {
370+
"cwe_ids": [
371+
"CWE-122"
372+
],
373+
"severity": "LOW",
374+
"github_reviewed": true,
375+
"github_reviewed_at": "2026-04-14T23:32:22Z",
376+
"nvd_published_at": null
377+
}
378+
}

0 commit comments

Comments
 (0)