PT-2026-23904 — Improper Encoding or Escaping of Output in Nuget Magick.Net-Q16-Anycpu+18

PT-2026-23904 · Nuget · Magick.Net-Q16-Anycpu+18

Published

2026-02-25

Updated

2026-02-25

CVSS v3.1

0.0

None

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

An attacker can inject arbitrary MVG (Magick Vector Graphics) drawing commands in an SVG file that is read by the internal SVG decoder of ImageMagick. The injected MVG commands execute during rendering.

Fix

Improper Encoding or Escaping of Output

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-116CWE-77

Related Identifiers

GHSA-XPG8-7M6M-JF56

Affected Products

Magick.Net-Q16-Anycpu

Magick.Net-Q16-Hdri-Anycpu

Magick.Net-Q16-Hdri-Openmp-Arm64

Magick.Net-Q16-Hdri-Openmp-X64

Magick.Net-Q16-Hdri-Arm64

Magick.Net-Q16-Hdri-X64

Magick.Net-Q16-Hdri-X86

Magick.Net-Q16-Openmp-Arm64

Magick.Net-Q16-Openmp-X64

Magick.Net-Q16-Openmp-X86

Magick.Net-Q16-Arm64

Magick.Net-Q16-X64

Magick.Net-Q16-X86

Magick.Net-Q8-Anycpu

Magick.Net-Q8-Openmp-Arm64

Magick.Net-Q8-Openmp-X64

Magick.Net-Q8-Arm64

Magick.Net-Q8-X64

Magick.Net-Q8-X86

PT-2026-23904 · Nuget · Magick.Net-Q16-Anycpu+18

Weakness Enumeration

Related Identifiers

Affected Products

References · 5