GHSA-cwpj-h54c-xjpxMediumCVSS 5.3
ImageMagick: Policy Bypass in PSD decoder
🔗 CVE IDs covered (1)
📋 Description
Due to a missing check in the PSD decoder it would be possible to bypass the `list-length` resource policy when decoding a PSD image. Other security limits would still apply.
🎯 Affected products18
- nuget/Magick.NET-Q16-AnyCPU:< 14.13.1
- nuget/Magick.NET-Q16-HDRI-AnyCPU:< 14.13.1
- nuget/Magick.NET-Q16-HDRI-OpenMP-arm64:< 14.13.1
- nuget/Magick.NET-Q16-HDRI-OpenMP-x64:< 14.13.1
- nuget/Magick.NET-Q16-HDRI-arm64:< 14.13.1
- nuget/Magick.NET-Q16-HDRI-x64:< 14.13.1
- nuget/Magick.NET-Q16-HDRI-x86:< 14.13.1
- nuget/Magick.NET-Q16-OpenMP-arm64:< 14.13.1
- nuget/Magick.NET-Q16-OpenMP-x64:< 14.13.1
- nuget/Magick.NET-Q16-arm64:< 14.13.1
- nuget/Magick.NET-Q16-x64:< 14.13.1
- nuget/Magick.NET-Q16-x86:< 14.13.1
- nuget/Magick.NET-Q8-AnyCPU:< 14.13.1
- nuget/Magick.NET-Q8-OpenMP-arm64:< 14.13.1
- nuget/Magick.NET-Q8-OpenMP-x64:< 14.13.1
- nuget/Magick.NET-Q8-arm64:< 14.13.1
- nuget/Magick.NET-Q8-x64:< 14.13.1
- nuget/Magick.NET-Q8-x86:< 14.13.1