PT-2026-23898 — Use After Free in Nuget Magick.Net-Q16-Anycpu+18

PT-2026-23898 · Nuget · Magick.Net-Q16-Anycpu+18

Published

2026-02-25

Updated

2026-02-25

CVSS v3.1

3.7

Low

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

A use-after-free vulnerability exists in the PDB decoder that will use a stale pointer when a memory allocation fails and that could result in a crash or a single zero byte write.

==4033155==ERROR: AddressSanitizer: UNKNOWN SIGNAL on unknown address 0x000000000000 (pc 0x5589c1971b24 bp 0x7ffdcc7ae2d0 sp 0x7ffdcc7adb20 T0)

==4034812==ERROR: AddressSanitizer: heap-use-after-free on address 0x7f099e9f7800 at pc 0x5605d909ab20 bp 0x7ffe52045b50 sp 0x7ffe52045b40
WRITE of size 1 at 0x7f099e9f7800 thread T0

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

GHSA-3J4X-RWRX-XXJ9

Affected Products

Magick.Net-Q16-Anycpu

Magick.Net-Q16-Hdri-Anycpu

Magick.Net-Q16-Hdri-Openmp-Arm64

Magick.Net-Q16-Hdri-Openmp-X64

Magick.Net-Q16-Hdri-Arm64

Magick.Net-Q16-Hdri-X64

Magick.Net-Q16-Hdri-X86

Magick.Net-Q16-Openmp-Arm64

Magick.Net-Q16-Openmp-X64

Magick.Net-Q16-Openmp-X86

Magick.Net-Q16-Arm64

Magick.Net-Q16-X64

Magick.Net-Q16-X86

Magick.Net-Q8-Anycpu

Magick.Net-Q8-Openmp-Arm64

Magick.Net-Q8-Openmp-X64

Magick.Net-Q8-Arm64

Magick.Net-Q8-X64

Magick.Net-Q8-X86

PT-2026-23898 · Nuget · Magick.Net-Q16-Anycpu+18

Weakness Enumeration

Related Identifiers

Affected Products

References · 5