Allocation of Resources Without Limits or Throttling in magick.net-q16-x64 | CVE-2026-45031

Q: How to fix?

Upgrade Magick.NET-Q16-x64 to version 14.13.1 or higher.

Introduced: 18 May 2026

NewCVE-2026-45031 (opens in a new tab) CWE-770 (opens in a new tab)

How to fix?

Upgrade Magick.NET-Q16-x64 to version 14.13.1 or higher.

Overview

Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop.

More information about specific builds see the [official docs] (https://github.com/dlemstra/Magick.NET/tree/main/docs)

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the PSD decoder due to a missing check for the list-length resource policy. An attacker can cause excessive resource consumption by providing a specially crafted PSD image that bypasses the intended policy limits.

References

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Network
Attack Complexity (AC)
Low
Attack Requirements (AT)
None
Privileges Required (PR)
None
User Interaction (UI)
Passive

Confidentiality (VC)
None
Integrity (VI)
None
Availability (VA)
Low

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None

Allocation of Resources Without Limits or Throttling Affecting magick.net-q16-x64 package, versions [,14.13.1)

Severity

Do your applications use this vulnerable package?

Snyk Learn

Introduced: 18 May 2026

How to fix?

Overview

References

CVSS Base Scores

Snyk