CVE-2026-45031

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Due to a missing check in the PSD decoder it would be possible to bypass the list-length resource policy when decoding a PSD image. Other security limits would still apply.

Fix

Resource Exhaustion

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-770

Related Identifiers

CVE-2026-45031

GHSA-CWPJ-H54C-XJPX

Affected Products

Magick.Net-Q16-Anycpu

Magick.Net-Q16-Hdri-Anycpu

Magick.Net-Q16-Hdri-Openmp-Arm64

Magick.Net-Q16-Hdri-Openmp-X64

Magick.Net-Q16-Hdri-Arm64

Magick.Net-Q16-Hdri-X64

Magick.Net-Q16-Hdri-X86

Magick.Net-Q16-Openmp-Arm64

Magick.Net-Q16-Openmp-X64

Magick.Net-Q16-Arm64

Magick.Net-Q16-X64

Magick.Net-Q16-X86

Magick.Net-Q8-Anycpu

Magick.Net-Q8-Openmp-Arm64

Magick.Net-Q8-Openmp-X64

Magick.Net-Q8-Arm64

Magick.Net-Q8-X64

Magick.Net-Q8-X86

CVE-2026-45031

Weakness Enumeration

Related Identifiers

Affected Products

References · 3