{}

{}

{}

{"acknowledgement": "Red Hat would like to thank Shubham Raj (Cipher) for reporting this issue.", "bugzilla": {"description": "GraphicsMagick: GraphicsMagick: Memory corruption via crafted Photo CD (PCD) file", "id": "2494107", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2494107"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["A flaw was found in GraphicsMagick's Photo CD (PCD) decoder. A remote attacker could exploit this vulnerability by providing a specially crafted PCD file. This could lead to an out-of-bounds write, corrupting memory and potentially causing a denial of service or other unpredictable system behavior."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-13606", "public_date": "2026-06-28T12:34:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-13606\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-13606\nhttps://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/937cdd9920bd966517c5f7a3595397af96b6ab6f"], "statement": "This Important flaw in GraphicsMagick's PCD decoder allows an out-of-bounds write when processing a specially crafted PCD file under specific decoding conditions, such as a page/subimage index of 4 or higher, or a size hint of 1536x1024 or greater. This could lead to heap corruption and potentially arbitrary code execution, impacting applications that process untrusted PCD image files.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "graphicsmagick", "vendor": "graphicsmagick"}], "created": "2026-06-29T13:30:05.886034+00:00", "updated": "2026-06-29T18:15:03.436446+00:00", "vendors": ["graphicsmagick", "graphicsmagick$PRODUCT$graphicsmagick"]}