Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-25965 (GCVE-0-2026-25965)
Vulnerability from cvelistv5 – Published: 2026-02-24 01:20 – Updated: 2026-07-15 01:15
VLAI
EPSS
VEX
Title
ImageMagick's policy bypass through path traversal allows reading restricted content despite secured policy
Summary
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/* can be bypassed by a path traversal. The OS resolves the traversal and opens the sensitive file, but the policy matcher only sees the unnormalized path and therefore allows the read. This enables local file disclosure (LFI) even when policy-secure.xml is applied. Actions to prevent reading from files have been taken in versions .7.1.2-15 and 6.9.13-40 But it make sure writing is also not possible the following should be added to one's policy. This will also be included in ImageMagick's more secure policies by default.
Severity
8.6 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/ImageMagick/ImageMagick/securi… | x_refsource_CONFIRM |
| https://access.redhat.com/security/cve/CVE-2026-25965 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2442118 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:5573 | vendor-advisoryx_refsource_REDHAT |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| ImageMagick | ImageMagick |
Affected:
>= 7.0.0, < 7.1.2-15
Affected: < 6.9.13-40 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:6.9.10.68-13.el7_9 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25965",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T15:28:41.059459Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:29:36.814Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "ImageMagick",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:6.9.10.68-13.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "ImageMagick",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
}
],
"datePublic": "2026-02-24T01:20:44.175Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in ImageMagick. ImageMagick\u0027s path security policy, which is designed to restrict access to certain file paths, is enforced on the raw filename string before the operating system resolves the full path. This allows an attacker to bypass security policies, such as those preventing access to sensitive directories like /etc/*, by using a path traversal technique. This vulnerability enables local file disclosure, allowing an attacker to read sensitive files even when security policies are in place."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T01:15:47.085Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-25965"
},
{
"name": "RHBZ#2442118",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442118"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25965.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5573"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:5573: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-24T02:02:18.697Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-02-24T01:20:44.175Z",
"value": "Made public."
}
],
"title": "ImageMagick: ImageMagick: Local File Disclosure via Path Traversal",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "ImageMagick",
"vendor": "ImageMagick",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.1.2-15"
},
{
"status": "affected",
"version": "\u003c 6.9.13-40"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick\u2019s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/* can be bypassed by a path traversal. The OS resolves the traversal and opens the sensitive file, but the policy matcher only sees the unnormalized path and therefore allows the read. This enables local file disclosure (LFI) even when policy-secure.xml is applied. Actions to prevent reading from files have been taken in versions .7.1.2-15 and 6.9.13-40 But it make sure writing is also not possible the following should be added to one\u0027s policy. This will also be included in ImageMagick\u0027s more secure policies by default."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T01:20:44.175Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8jvj-p28h-9gm7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8jvj-p28h-9gm7"
}
],
"source": {
"advisory": "GHSA-8jvj-p28h-9gm7",
"discovery": "UNKNOWN"
},
"title": "ImageMagick\u0027s policy bypass through path traversal allows reading restricted content despite secured policy"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25965",
"datePublished": "2026-02-24T01:20:44.175Z",
"dateReserved": "2026-02-09T17:13:54.066Z",
"dateUpdated": "2026-07-15T01:15:47.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-25965",
"date": "2026-07-16",
"epss": "0.00671",
"percentile": "0.47873"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-25965\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-02-24T02:16:01.167\",\"lastModified\":\"2026-07-15T02:18:57.950\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick\u2019s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/* can be bypassed by a path traversal. The OS resolves the traversal and opens the sensitive file, but the policy matcher only sees the unnormalized path and therefore allows the read. This enables local file disclosure (LFI) even when policy-secure.xml is applied. Actions to prevent reading from files have been taken in versions .7.1.2-15 and 6.9.13-40 But it make sure writing is also not possible the following should be added to one\u0027s policy. This will also be included in ImageMagick\u0027s more secure policies by default.\"},{\"lang\":\"es\",\"value\":\"ImageMagick es un software libre y de c\u00f3digo abierto utilizado para editar y manipular im\u00e1genes digitales. Antes de las versiones 7.1.2-15 y 6.9.13-40, la pol\u00edtica de seguridad de ruta de ImageMagick se aplica sobre la cadena de nombre de archivo sin procesar antes de que el sistema de archivos la resuelva. Como resultado, una regla de pol\u00edtica como /etc/* puede ser eludida mediante un salto de ruta. El sistema operativo resuelve el salto de ruta y abre el archivo sensible, pero el comparador de pol\u00edticas solo ve la ruta no normalizada y por lo tanto permite la lectura. Esto permite la divulgaci\u00f3n de archivos locales (LFI) incluso cuando se aplica policy-secure.xml. Se han tomado medidas para evitar la lectura de archivos en las versiones .7.1.2-15 y 6.9.13-40. Pero para asegurarse de que la escritura tampoco sea posible, se debe a\u00f1adir lo siguiente a la pol\u00edtica de uno. Esto tambi\u00e9n se incluir\u00e1 en las pol\u00edticas m\u00e1s seguras de ImageMagick por defecto.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"ImageMagick\",\"product\":\"ImageMagick\",\"versions\":[{\"version\":\"\u003e= 7.0.0, \u003c 7.1.2-15\",\"status\":\"affected\"},{\"version\":\"\u003c 6.9.13-40\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 7 Extended Lifecycle Support\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"ImageMagick\",\"cpes\":[\"cpe:/o:redhat:rhel_els:7\"],\"versions\":[{\"version\":\"0:6.9.10.68-13.el7_9\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 6\",\"defaultStatus\":\"unknown\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"ImageMagick\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:6\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":4.0}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-02-26T15:28:41.059459Z\",\"id\":\"CVE-2026-25965\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.9.13-40\",\"matchCriteriaId\":\"C6F44A65-1733-4752-AAD0-BCCC7BDBC877\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0-0\",\"versionEndExcluding\":\"7.1.2-15\",\"matchCriteriaId\":\"6AFFD439-1068-4B6F-AE01-724AC62CDCEA\"}]}]}],\"references\":[{\"url\":\"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8jvj-p28h-9gm7\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5573\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-25965\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2442118\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25965.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"redhat_vex": {
"aggregate_severity": "Important",
"current_release_date": "2026-06-30T04:01:28+00:00",
"cve": "CVE-2026-25965",
"id": "CVE-2026-25965",
"initial_release_date": "2026-02-24T01:20:44.175000+00:00",
"product_status:fixed": "33",
"product_status:known_affected": "7",
"product_status:known_not_affected": "18",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "ImageMagick: ImageMagick: Local File Disclosure via Path Traversal",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25965.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"ImageMagick: ImageMagick: Local File Disclosure via Path Traversal\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"cpes\": [\"cpe:/o:redhat:rhel_els:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7 Extended Lifecycle Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:6.9.10.68-13.el7_9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"ImageMagick\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 6\", \"packageName\": \"ImageMagick\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-02-24T02:02:18.697Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-02-24T01:20:44.175Z\", \"value\": \"Made public.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"RHSA-2026:5573: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)\"}], \"x_adpType\": \"supplier\", \"datePublic\": \"2026-02-24T01:20:44.175Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2026-25965\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2442118\", \"name\": \"RHBZ#2442118\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25965.json\", \"tags\": [\"x_sadp-csaf-vex\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5573\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.\"}], \"x_generator\": {\"engine\": \"sadp-cli 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in ImageMagick. ImageMagick\u0027s path security policy, which is designed to restrict access to certain file paths, is enforced on the raw filename string before the operating system resolves the full path. This allows an attacker to bypass security policies, such as those preventing access to sensitive directories like /etc/*, by using a path traversal technique. This vulnerability enables local file disclosure, allowing an attacker to read sensitive files even when security policies are in place.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\", \"shortName\": \"redhat-SADP\", \"dateUpdated\": \"2026-07-15T01:15:47.085Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-25965\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-26T15:28:41.059459Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-26T15:29:28.983Z\"}}], \"cna\": {\"title\": \"ImageMagick\u0027s policy bypass through path traversal allows reading restricted content despite secured policy\", \"source\": {\"advisory\": \"GHSA-8jvj-p28h-9gm7\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"ImageMagick\", \"product\": \"ImageMagick\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 7.0.0, \u003c 7.1.2-15\"}, {\"status\": \"affected\", \"version\": \"\u003c 6.9.13-40\"}]}], \"references\": [{\"url\": \"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8jvj-p28h-9gm7\", \"name\": \"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8jvj-p28h-9gm7\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick\\u2019s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/* can be bypassed by a path traversal. The OS resolves the traversal and opens the sensitive file, but the policy matcher only sees the unnormalized path and therefore allows the read. This enables local file disclosure (LFI) even when policy-secure.xml is applied. Actions to prevent reading from files have been taken in versions .7.1.2-15 and 6.9.13-40 But it make sure writing is also not possible the following should be added to one\u0027s policy. This will also be included in ImageMagick\u0027s more secure policies by default.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-02-24T01:20:44.175Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-25965\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-15T01:15:47.085Z\", \"dateReserved\": \"2026-02-09T17:13:54.066Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-02-24T01:20:44.175Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
WID-SEC-W-2026-0484
Vulnerability from csaf_certbund - Published: 2026-02-23 23:00 - Updated: 2026-06-07 22:00Summary
ImageMagick: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: ImageMagick ist eine Sammlung von Programmbibliotheken und Werkzeugen, die Grafiken in zahlreichen Formaten verarbeiten kann.
Angriff: Ein Angreifer kann mehrere Schwachstellen in ImageMagick ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen oder andere nicht näher definierte Angriffe durchzuführen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source ImageMagick <6.9.13-40
Open Source / ImageMagick
|
<6.9.13-40 | ||
|
Open Source ImageMagick <7.1.2-15
Open Source / ImageMagick
|
<7.1.2-15 |
References
69 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "ImageMagick ist eine Sammlung von Programmbibliotheken und Werkzeugen, die Grafiken in zahlreichen Formaten verarbeiten kann.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in ImageMagick ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren oder andere nicht n\u00e4her definierte Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0484 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0484.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0484 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0484"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-273h-m46v-96q4"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2gq3-ww97-wfjm"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3j4x-rwrx-xxj9"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3mwp-xqp2-q6ph"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3q5f-gmjc-38r8"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-42p5-62qq-mmh7"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-543g-8grm-9cw6"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6j5f-24fw-pqp4"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-72hf-fj62-w6j4"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7355-pwx2-pm84"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-782x-jh29-9mf7"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8jvj-p28h-9gm7"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8mpr-6xr2-chhc"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-96pc-27rx-pr36"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwqw-2x5x-w566"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g2pr-qxjg-7r2w"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gm37-qx7w-p258"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gq5v-qf8q-fp77"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gwr3-x37h-h84v"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gxcx-qjqp-8vjw"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jv4p-gjwq-9r2j"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mqfc-82jx-3mr2"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p33r-fqw2-rqmm"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p863-5fgm-rgq4"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pmq6-8289-hx3v"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pqgj-2p96-rx85"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rw6c-xp26-225v"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v7g2-m8c5-mf84"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v994-63cg-9wj3"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vhqj-f5cj-9x8h"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vpxv-r9pg-7gpr"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-w8mw-frc6-r7m8"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wfx3-6g53-9fgc"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wg3g-gvx5-2pmv"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wgxp-q8xq-wpp9"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wrhr-rf8j-r842"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xg29-8ghv-v4xr"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xgm3-v4r9-wfgm"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xpg8-7m6m-jf56"
},
{
"category": "external",
"summary": "ImageMagick GitHub vom 2026-02-23",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xwc6-v6g8-pw2h"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8069-1 vom 2026-03-04",
"url": "https://ubuntu.com/security/notices/USN-8069-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0854-1 vom 2026-03-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024662.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6158 vom 2026-03-09",
"url": "https://lists.debian.org/debian-security-announce/2026/msg00067.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0852-1 vom 2026-03-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024664.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0851-1 vom 2026-03-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024665.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0853-1 vom 2026-03-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024663.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6159 vom 2026-03-11",
"url": "https://security-tracker.debian.org/tracker/DSA-6159-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0874-1 vom 2026-03-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024675.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0870-1 vom 2026-03-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024679.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:5573 vom 2026-03-24",
"url": "https://access.redhat.com/errata/RHSA-2026:5573"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8127-1 vom 2026-03-31",
"url": "https://ubuntu.com/security/notices/USN-8127-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20917-1 vom 2026-04-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025099.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2026-3211 vom 2026-04-01",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3211.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1202-1 vom 2026-04-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025152.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1201-1 vom 2026-04-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025153.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-5573 vom 2026-04-07",
"url": "https://linux.oracle.com/errata/ELSA-2026-5573.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1300-1 vom 2026-04-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025314.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6210 vom 2026-04-14",
"url": "https://lists.debian.org/debian-security-announce/2026/msg00120.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4539 vom 2026-04-19",
"url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00019.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:10558-1 vom 2026-04-17",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BMSWBU7XGK6MZYTE62GVV7BFJIH6PSZU/"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-6713 vom 2026-04-21",
"url": "https://linux.oracle.com/errata/ELSA-2026-6713.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1497-1 vom 2026-04-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025482.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:20536-1 vom 2026-04-21",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NMF2OAX6DFB7Y5FTIBCKXM2NDSETBJFT/"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6245 vom 2026-05-03",
"url": "https://security-tracker.debian.org/tracker/DSA-6245-1"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6245 vom 2026-05-04",
"url": "https://lists.debian.org/debian-security-announce/2026/msg00156.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8263-1 vom 2026-05-12",
"url": "https://ubuntu.com/security/notices/USN-8263-1"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-17618 vom 2026-06-08",
"url": "https://linux.oracle.com/errata/ELSA-2026-17618.html"
}
],
"source_lang": "en-US",
"title": "ImageMagick: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-07T22:00:00.000+00:00",
"generator": {
"date": "2026-06-08T09:31:09.814+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-0484",
"initial_release_date": "2026-02-23T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-02-23T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-02-24T23:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2026-7439, EUVD-2026-7440, EUVD-2026-7425, EUVD-2026-7427, EUVD-2026-7429, EUVD-2026-7431, EUVD-2026-7435, EUVD-2026-7424, EUVD-2026-7436, EUVD-2026-7446, EUVD-2026-7456, EUVD-2026-7437, EUVD-2026-7438, EUVD-2026-7441, EUVD-2026-7442, EUVD-2026-7445, EUVD-2026-7447, EUVD-2026-7448, EUVD-2026-7449, EUVD-2026-7450, EUVD-2026-7454, EUVD-2026-7459, EUVD-2026-7460"
},
{
"date": "2026-02-25T23:00:00.000+00:00",
"number": "3",
"summary": "CVE-2026-25984 erg\u00e4nzt"
},
{
"date": "2026-03-04T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2026-03-09T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE und Debian aufgenommen"
},
{
"date": "2026-03-10T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2026-03-11T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-03-23T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-30T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2026-04-01T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE und Amazon aufgenommen"
},
{
"date": "2026-04-07T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE und Oracle Linux aufgenommen"
},
{
"date": "2026-04-13T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-04-14T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2026-04-19T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Debian und openSUSE aufgenommen"
},
{
"date": "2026-04-20T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-04-21T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2026-05-03T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2026-05-11T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2026-06-07T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Oracle Linux aufgenommen"
}
],
"status": "final",
"version": "19"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.1.2-15",
"product": {
"name": "Open Source ImageMagick \u003c7.1.2-15",
"product_id": "T051110"
}
},
{
"category": "product_version",
"name": "7.1.2-15",
"product": {
"name": "Open Source ImageMagick 7.1.2-15",
"product_id": "T051110-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:imagemagick:imagemagick:7.1.2-15"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.9.13-40",
"product": {
"name": "Open Source ImageMagick \u003c6.9.13-40",
"product_id": "T051111"
}
},
{
"category": "product_version",
"name": "6.9.13-40",
"product": {
"name": "Open Source ImageMagick 6.9.13-40",
"product_id": "T051111-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:imagemagick:imagemagick:6.9.13-40"
}
}
}
],
"category": "product_name",
"name": "ImageMagick"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-24481",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-24481"
},
{
"cve": "CVE-2026-24484",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-24484"
},
{
"cve": "CVE-2026-24485",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-24485"
},
{
"cve": "CVE-2026-25576",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25576"
},
{
"cve": "CVE-2026-25637",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25637"
},
{
"cve": "CVE-2026-25638",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25638"
},
{
"cve": "CVE-2026-25794",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25794"
},
{
"cve": "CVE-2026-25795",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25795"
},
{
"cve": "CVE-2026-25796",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25796"
},
{
"cve": "CVE-2026-25797",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25797"
},
{
"cve": "CVE-2026-25798",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25798"
},
{
"cve": "CVE-2026-25799",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25799"
},
{
"cve": "CVE-2026-25897",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25897"
},
{
"cve": "CVE-2026-25898",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25898"
},
{
"cve": "CVE-2026-25965",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25965"
},
{
"cve": "CVE-2026-25966",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25966"
},
{
"cve": "CVE-2026-25967",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25967"
},
{
"cve": "CVE-2026-25968",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25968"
},
{
"cve": "CVE-2026-25969",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25969"
},
{
"cve": "CVE-2026-25970",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25970"
},
{
"cve": "CVE-2026-25971",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25971"
},
{
"cve": "CVE-2026-25982",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25982"
},
{
"cve": "CVE-2026-25983",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25983"
},
{
"cve": "CVE-2026-25984",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25984"
},
{
"cve": "CVE-2026-25985",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25985"
},
{
"cve": "CVE-2026-25986",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25986"
},
{
"cve": "CVE-2026-25987",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25987"
},
{
"cve": "CVE-2026-25988",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25988"
},
{
"cve": "CVE-2026-25989",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-25989"
},
{
"cve": "CVE-2026-26066",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-26066"
},
{
"cve": "CVE-2026-26283",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-26283"
},
{
"cve": "CVE-2026-26284",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-26284"
},
{
"cve": "CVE-2026-26983",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T051111",
"T051110"
]
},
"release_date": "2026-02-23T23:00:00.000+00:00",
"title": "CVE-2026-26983"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…