Advisories for Nuget/Magick.NET-Q16-OpenMP-X86 package

2026

ImageMagick has a NULL pointer dereference in MSL parser via <comment> tag before image load

NULL pointer dereference in MSL (Magick Scripting Language) parser when processing <comment> tag before any image is loaded.

ImageMagick has a Memory Leak in LoadOpenCLDeviceBenchmark() when parsing malformed XML

A memory leak vulnerability exists in the LoadOpenCLDeviceBenchmark() function in MagickCore/opencl.c. When parsing a malformed OpenCL device profile XML file that contains <device elements without proper /> closing tags, the function fails to release allocated memory for string members (platform_name, vendor_name, name, version), leading to memory leaks that could result in resource exhaustion. Affected Version: ImageMagick 7.1.2-12 and possibly earlier versions

ImageMagick releases an invalid pointer in BilateralBlur when memory allocation fails

The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But the last element in the set is not properly initialized. This will result in a release of an invalid pointer inside DestroyBilateralTLS when the memory allocation fails.

2025

ImageMagick has XMP profile write that triggers hang due to unbounded loop

Infinite lines occur when writing during a specific XMP file conversion command