Skip to content

Commit a33df0b

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-6jwv-w5xf-7j27 GHSA-cr67-pvmx-2pp2 GHSA-p5w6-75f9-cc2p GHSA-w6m9-39cv-2fwp
1 parent 2da6e13 commit a33df0b

File tree

4 files changed

+504
-3
lines changed

4 files changed

+504
-3
lines changed

advisories/github-reviewed/2026/04/GHSA-6jwv-w5xf-7j27/GHSA-6jwv-w5xf-7j27.json

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,14 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-6jwv-w5xf-7j27",
4-
"modified": "2026-04-08T00:15:13Z",
4+
"modified": "2026-04-13T19:32:09Z",
55
"published": "2026-04-06T21:31:34Z",
6+
"withdrawn": "2026-04-13T19:32:09Z",
67
"aliases": [
78
"CVE-2026-33817"
89
],
9-
"summary": "go.etcd.io/bbolt affected by index out-of-range vulnerability",
10-
"details": "Index out-of-range when encountering a branch page with zero elements in go.etcd.io/bbolt",
10+
"summary": "Withdrawn Advisory: go.etcd.io/bbolt affected by index out-of-range vulnerability",
11+
"details": "### Withdrawn Advisory\nThis advisory has been withdrawn because its CVE Numbering Authority has determined this issue to be a false positive. This link is maintained to preserve external references.\n\n### Original Description\nIndex out-of-range when encountering a branch page with zero elements in go.etcd.io/bbolt",
1112
"severity": [
1213
{
1314
"type": "CVSS_V3",

advisories/github-reviewed/2026/04/GHSA-cr67-pvmx-2pp2/GHSA-cr67-pvmx-2pp2.json

Lines changed: 374 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,374 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-cr67-pvmx-2pp2",
4+
"modified": "2026-04-13T19:33:00Z",
5+
"published": "2026-04-13T19:33:00Z",
6+
"aliases": [
7+
"CVE-2026-33899"
8+
],
9+
"summary": "ImageMagick has a heap-Buffer-Overflow write of a single zero byte when parsing xml.",
10+
"details": "When `Magick` parses an XML file it is possible that a single zero byte is written out of the bounds.",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "NuGet",
21+
"name": "Magick.NET-Q16-AnyCPU"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "14.12.0"
32+
}
33+
]
34+
}
35+
]
36+
},
37+
{
38+
"package": {
39+
"ecosystem": "NuGet",
40+
"name": "Magick.NET-Q16-HDRI-AnyCPU"
41+
},
42+
"ranges": [
43+
{
44+
"type": "ECOSYSTEM",
45+
"events": [
46+
{
47+
"introduced": "0"
48+
},
49+
{
50+
"fixed": "14.12.0"
51+
}
52+
]
53+
}
54+
]
55+
},
56+
{
57+
"package": {
58+
"ecosystem": "NuGet",
59+
"name": "Magick.NET-Q16-HDRI-OpenMP-arm64"
60+
},
61+
"ranges": [
62+
{
63+
"type": "ECOSYSTEM",
64+
"events": [
65+
{
66+
"introduced": "0"
67+
},
68+
{
69+
"fixed": "14.12.0"
70+
}
71+
]
72+
}
73+
]
74+
},
75+
{
76+
"package": {
77+
"ecosystem": "NuGet",
78+
"name": "Magick.NET-Q16-HDRI-arm64"
79+
},
80+
"ranges": [
81+
{
82+
"type": "ECOSYSTEM",
83+
"events": [
84+
{
85+
"introduced": "0"
86+
},
87+
{
88+
"fixed": "14.12.0"
89+
}
90+
]
91+
}
92+
]
93+
},
94+
{
95+
"package": {
96+
"ecosystem": "NuGet",
97+
"name": "Magick.NET-Q16-HDRI-x64"
98+
},
99+
"ranges": [
100+
{
101+
"type": "ECOSYSTEM",
102+
"events": [
103+
{
104+
"introduced": "0"
105+
},
106+
{
107+
"fixed": "14.12.0"
108+
}
109+
]
110+
}
111+
]
112+
},
113+
{
114+
"package": {
115+
"ecosystem": "NuGet",
116+
"name": "Magick.NET-Q16-HDRI-x86"
117+
},
118+
"ranges": [
119+
{
120+
"type": "ECOSYSTEM",
121+
"events": [
122+
{
123+
"introduced": "0"
124+
},
125+
{
126+
"fixed": "14.12.0"
127+
}
128+
]
129+
}
130+
]
131+
},
132+
{
133+
"package": {
134+
"ecosystem": "NuGet",
135+
"name": "Magick.NET-Q16-OpenMP-arm64"
136+
},
137+
"ranges": [
138+
{
139+
"type": "ECOSYSTEM",
140+
"events": [
141+
{
142+
"introduced": "0"
143+
},
144+
{
145+
"fixed": "14.12.0"
146+
}
147+
]
148+
}
149+
]
150+
},
151+
{
152+
"package": {
153+
"ecosystem": "NuGet",
154+
"name": "Magick.NET-Q16-OpenMP-x64"
155+
},
156+
"ranges": [
157+
{
158+
"type": "ECOSYSTEM",
159+
"events": [
160+
{
161+
"introduced": "0"
162+
},
163+
{
164+
"fixed": "14.12.0"
165+
}
166+
]
167+
}
168+
]
169+
},
170+
{
171+
"package": {
172+
"ecosystem": "NuGet",
173+
"name": "Magick.NET-Q16-arm64"
174+
},
175+
"ranges": [
176+
{
177+
"type": "ECOSYSTEM",
178+
"events": [
179+
{
180+
"introduced": "0"
181+
},
182+
{
183+
"fixed": "14.12.0"
184+
}
185+
]
186+
}
187+
]
188+
},
189+
{
190+
"package": {
191+
"ecosystem": "NuGet",
192+
"name": "Magick.NET-Q16-x64"
193+
},
194+
"ranges": [
195+
{
196+
"type": "ECOSYSTEM",
197+
"events": [
198+
{
199+
"introduced": "0"
200+
},
201+
{
202+
"fixed": "14.12.0"
203+
}
204+
]
205+
}
206+
]
207+
},
208+
{
209+
"package": {
210+
"ecosystem": "NuGet",
211+
"name": "Magick.NET-Q16-x86"
212+
},
213+
"ranges": [
214+
{
215+
"type": "ECOSYSTEM",
216+
"events": [
217+
{
218+
"introduced": "0"
219+
},
220+
{
221+
"fixed": "14.12.0"
222+
}
223+
]
224+
}
225+
]
226+
},
227+
{
228+
"package": {
229+
"ecosystem": "NuGet",
230+
"name": "Magick.NET-Q8-AnyCPU"
231+
},
232+
"ranges": [
233+
{
234+
"type": "ECOSYSTEM",
235+
"events": [
236+
{
237+
"introduced": "0"
238+
},
239+
{
240+
"fixed": "14.12.0"
241+
}
242+
]
243+
}
244+
]
245+
},
246+
{
247+
"package": {
248+
"ecosystem": "NuGet",
249+
"name": "Magick.NET-Q8-OpenMP-arm64"
250+
},
251+
"ranges": [
252+
{
253+
"type": "ECOSYSTEM",
254+
"events": [
255+
{
256+
"introduced": "0"
257+
},
258+
{
259+
"fixed": "14.12.0"
260+
}
261+
]
262+
}
263+
]
264+
},
265+
{
266+
"package": {
267+
"ecosystem": "NuGet",
268+
"name": "Magick.NET-Q8-OpenMP-x64"
269+
},
270+
"ranges": [
271+
{
272+
"type": "ECOSYSTEM",
273+
"events": [
274+
{
275+
"introduced": "0"
276+
},
277+
{
278+
"fixed": "14.12.0"
279+
}
280+
]
281+
}
282+
]
283+
},
284+
{
285+
"package": {
286+
"ecosystem": "NuGet",
287+
"name": "Magick.NET-Q8-arm64"
288+
},
289+
"ranges": [
290+
{
291+
"type": "ECOSYSTEM",
292+
"events": [
293+
{
294+
"introduced": "0"
295+
},
296+
{
297+
"fixed": "14.12.0"
298+
}
299+
]
300+
}
301+
]
302+
},
303+
{
304+
"package": {
305+
"ecosystem": "NuGet",
306+
"name": "Magick.NET-Q8-x64"
307+
},
308+
"ranges": [
309+
{
310+
"type": "ECOSYSTEM",
311+
"events": [
312+
{
313+
"introduced": "0"
314+
},
315+
{
316+
"fixed": "14.12.0"
317+
}
318+
]
319+
}
320+
]
321+
},
322+
{
323+
"package": {
324+
"ecosystem": "NuGet",
325+
"name": "Magick.NET-Q8-x86"
326+
},
327+
"ranges": [
328+
{
329+
"type": "ECOSYSTEM",
330+
"events": [
331+
{
332+
"introduced": "0"
333+
},
334+
{
335+
"fixed": "14.12.0"
336+
}
337+
]
338+
}
339+
]
340+
}
341+
],
342+
"references": [
343+
{
344+
"type": "WEB",
345+
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cr67-pvmx-2pp2"
346+
},
347+
{
348+
"type": "WEB",
349+
"url": "https://github.com/ImageMagick/ImageMagick/commit/ae679e2fd19ec656bfab9f822ae4cf06bf91604d"
350+
},
351+
{
352+
"type": "PACKAGE",
353+
"url": "https://github.com/ImageMagick/ImageMagick"
354+
},
355+
{
356+
"type": "WEB",
357+
"url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-19"
358+
},
359+
{
360+
"type": "WEB",
361+
"url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.12.0"
362+
}
363+
],
364+
"database_specific": {
365+
"cwe_ids": [
366+
"CWE-122",
367+
"CWE-191"
368+
],
369+
"severity": "MODERATE",
370+
"github_reviewed": true,
371+
"github_reviewed_at": "2026-04-13T19:33:00Z",
372+
"nvd_published_at": null
373+
}
374+
}

0 commit comments

Comments
 (0)