Vulnerability of Magik.net

anonymous-edc · July 24, 2025, 4:57pm

Hello!

Since yesterday we have these warnings :

Warning As Error: Package 'Magick.NET-Q16-HDRI-AnyCPU' 14.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-vmhh-8rxq-fp9g [D:\jwrk\p11\workspace\p11-staging-main\J\Engine\Source\Programs\Shared\EpicGames.ScriptBuild\EpicGames.ScriptBuild.csproj] [dotnet build] ***\J\Engine\Source\Programs\AutomationTool\Gauntlet\Gauntlet.Automation.csproj : error NU1903: Warning As Error: Package 'Magick.NET-Q16-HDRI-AnyCPU' 14.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-vmhh-8rxq-fp9g [***\J\Engine\Source\Programs\Shared\EpicGames.ScriptBuild\EpicGames.ScriptBuild.csproj] [dotnet build] Build FAILED. [dotnet build] ***\J\Engine\Source\Programs\AutomationTool\AutomationUtils\AutomationUtils.Automation.csproj : error NU1903: Warning As Error: Package 'Magick.NET-Q16-HDRI-AnyCPU' 14.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-vmhh-8rxq-fp9g [***\J\Engine\Source\Programs\Shared\EpicGames.ScriptBuild\EpicGames.ScriptBuild.csproj] [dotnet build] ***\J\Engine\Source\Programs\AutomationTool\Gauntlet\Gauntlet.Automation.csproj : error NU1903: Warning As Error: Package 'Magick.NET-Q16-HDRI-AnyCPU' 14.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-vmhh-8rxq-fp9g [***\J\Engine\Source\Programs\Shared\EpicGames.ScriptBuild\EpicGames.ScriptBuild.csproj]I updated :

/Engine/Source/Programs/AutomationTool/AutomationTool.csproj

/Engine/Source/Programs/AutomationTool/AutomationUtils/AutomationUtils.Automation.csproj

/Engine/Source/Programs/AutomationTool/Gauntlet/Gauntlet.Automation.csproj

To use Magik.net 14.7

Is it something that you are going to do to prevent thse warnings?

Thanks!

anonymous-edc · July 24, 2025, 4:57pm

Steps to Reproduce
Compile the 5.6.0 engine

Patrick_Laflamme · July 24, 2025, 5:26pm

Hi,

Thanks for reporting, we also upgraded it today, CL 44305997 (https://github.com/EpicGames/UnrealEngine/commit/a967190c4caee9dedc834d89f3c322cc356d6f30\) on UE5/Main and it was merged to UE 5.6 at CL 44311406. You can probably keep your fix as it looks like the one we did.

Regards,

Patrick

anonymous-edc · July 24, 2025, 5:35pm

Thanks a lot [mention removed] for the quick answer and the quick fix!

WIll it be integrated in 5.6.1?

Patrick_Laflamme · July 24, 2025, 5:37pm

Yes, it will be part of 5.6.1.

anonymous-edc · July 24, 2025, 5:42pm

Thanks again!

Do you know or can you say when 5.6.1 will be released?

(I integrated your fix to have the same as you have)

Patrick_Laflamme · July 24, 2025, 5:57pm

The 5.6.1 is scheduled to be out somewhere in middle of August 2025. Sometime the date shifts, but that’s what I know today.

anonymous-edc · July 24, 2025, 6:01pm

Thanks a lot!

Much appreciated!

You can close the case!

Moddtoulder · August 26, 2025, 2:00pm

Had to bump to 14.8 on 5.6.1: ImageMagick has Undefined Behavior (function-type-mismatch) in CloneSplayTree · CVE-2025-55160 · GitHub Advisory Database · GitHub