{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "7.1.1.13.tuxcare.els6-r0:\n - CVE-2026-25799\n - CVE-2026-25965\n - CVE-2026-25967\n - CVE-2026-25969\n - CVE-2026-25970\n - CVE-2026-25988\n - CVE-2026-26066\n - CVE-2026-26283", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775730672", "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775730672" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/alpinelinux3.18els/advisories/2026/clsa-2026_1775730672.json" } ], "tracking": { "current_release_date": "2026-04-09T10:32:40Z", "generator": { "date": "2026-04-09T10:32:40Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2026:1775730672", "initial_release_date": "2026-04-09T10:32:40Z", "revision_history": [ { "date": "2026-04-09T10:32:40Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "imagemagick: Fix of 8 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Alpine Linux 3.18", "product": { "name": "Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18", "product_identification_helper": { "cpe": "cpe:2.3:o:alpinelinux:alpine_linux:3.18:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Alpine Linux" } ], "category": "vendor", "name": "Alpine Linux" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "product": { "name": "imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "product_id": "imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/imagemagick-doc@7.1.1.13.tuxcare.els6-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "product": { "name": "imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "product_id": "imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/imagemagick-perlmagick@7.1.1.13.tuxcare.els6-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.x86_64", "product": { "name": "imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.x86_64", "product_id": "imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/imagemagick-dev@7.1.1.13.tuxcare.els6-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "product": { "name": "imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "product_id": "imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/imagemagick-perlmagick-doc@7.1.1.13.tuxcare.els6-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.x86_64", "product": { "name": "imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.x86_64", "product_id": "imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/imagemagick-c++@7.1.1.13.tuxcare.els6-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "imagemagick-static-7.1.1.13.tuxcare.els6-rr0.x86_64", "product": { "name": "imagemagick-static-7.1.1.13.tuxcare.els6-rr0.x86_64", "product_id": "imagemagick-static-7.1.1.13.tuxcare.els6-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/imagemagick-static@7.1.1.13.tuxcare.els6-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "imagemagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "product": { "name": "imagemagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "product_id": "imagemagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/imagemagick@7.1.1.13.tuxcare.els6-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.x86_64", "product": { "name": "imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.x86_64", "product_id": "imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/imagemagick-libs@7.1.1.13.tuxcare.els6-rr0?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "product": { "name": "imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "product_id": "imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/imagemagick-doc@7.1.1.13.tuxcare.els6-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "product": { "name": "imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "product_id": "imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/imagemagick-perlmagick@7.1.1.13.tuxcare.els6-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.aarch64", "product": { "name": "imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.aarch64", "product_id": "imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/imagemagick-dev@7.1.1.13.tuxcare.els6-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "product": { "name": "imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "product_id": "imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/imagemagick-perlmagick-doc@7.1.1.13.tuxcare.els6-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.aarch64", "product": { "name": "imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.aarch64", "product_id": "imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/imagemagick-c++@7.1.1.13.tuxcare.els6-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "imagemagick-static-7.1.1.13.tuxcare.els6-rr0.aarch64", "product": { "name": "imagemagick-static-7.1.1.13.tuxcare.els6-rr0.aarch64", "product_id": "imagemagick-static-7.1.1.13.tuxcare.els6-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/imagemagick-static@7.1.1.13.tuxcare.els6-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "imagemagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "product": { "name": "imagemagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "product_id": "imagemagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/imagemagick@7.1.1.13.tuxcare.els6-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.aarch64", "product": { "name": "imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.aarch64", "product_id": "imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/imagemagick-libs@7.1.1.13.tuxcare.els6-rr0?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64" }, "product_reference": "imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64" }, "product_reference": "imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.aarch64" }, "product_reference": "imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.x86_64" }, "product_reference": "imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.aarch64" }, "product_reference": "imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.x86_64" }, "product_reference": "imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64" }, "product_reference": "imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64" }, "product_reference": "imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.x86_64" }, "product_reference": "imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.aarch64" }, "product_reference": "imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "imagemagick-static-7.1.1.13.tuxcare.els6-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.aarch64" }, "product_reference": "imagemagick-static-7.1.1.13.tuxcare.els6-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "imagemagick-static-7.1.1.13.tuxcare.els6-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.x86_64" }, "product_reference": "imagemagick-static-7.1.1.13.tuxcare.els6-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "imagemagick-7.1.1.13.tuxcare.els6-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.aarch64" }, "product_reference": "imagemagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "imagemagick-7.1.1.13.tuxcare.els6-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.x86_64" }, "product_reference": "imagemagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.x86_64" }, "product_reference": "imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.aarch64" }, "product_reference": "imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" } ] }, "vulnerabilities": [ { "cve": "CVE-2026-25970", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when processing a maliciously crafted SIXEL image file. The vulnerability occurs during buffer reallocation operations where pointer arithmetic using signed 32-bit integers overflows. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25970" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xg29-8ghv-v4xr", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xg29-8ghv-v4xr" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-09T10:31:14.340616Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775730672", "product_ids": [ "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775730672" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-25799", "cwe": { "id": "CWE-369", "name": "Divide By Zero" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image loading, resulting in a reliable denial-of-service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25799" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-543g-8grm-9cw6", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-543g-8grm-9cw6" } ], "release_date": "2026-02-24T01:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-09T10:31:14.340616Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775730672", "product_ids": [ "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775730672" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-25967", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to a crash. Version 7.1.2-15 contains a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25967" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-72hf-fj62-w6j4", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-72hf-fj62-w6j4" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-09T10:31:14.340616Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775730672", "product_ids": [ "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775730672" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-26283", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition ('Infinite Loop')" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a `continue` statement in the JPEG extent binary search loop in the jpeg encoder causes an infinite loop when writing persistently fails. An attacker can trigger a 100% CPU consumption and process hang (Denial of Service) with a crafted image. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-26283" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gwr3-x37h-h84v", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gwr3-x37h-h84v" } ], "release_date": "2026-02-24T03:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-09T10:31:14.340616Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775730672", "product_ids": [ "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775730672" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-25988", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, sometimes msl.c fails to update the stack index, so an image is stored in the wrong slot and never freed on error, causing leaks. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25988" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-782x-jh29-9mf7", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-782x-jh29-9mf7" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-09T10:31:14.340616Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775730672", "product_ids": [ "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775730672" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-25969", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak exists in `coders/ashlar.c`. The `WriteASHLARImage` allocates a structure. However, when an exception is thrown, the allocated memory is not properly released, resulting in a potential memory leak. Version 7.1.2-15 contains a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25969" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xgm3-v4r9-wfgm", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xgm3-v4r9-wfgm" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-09T10:31:14.340616Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775730672", "product_ids": [ "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775730672" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-25965", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/* can be bypassed by a path traversal. The OS resolves the traversal and opens the sensitive file, but the policy matcher only sees the unnormalized path and therefore allows the read. This enables local file disclosure (LFI) even when policy-secure.xml is applied. Actions to prevent reading from files have been taken in versions .7.1.2-15 and 6.9.13-40 But it make sure writing is also not possible the following should be added to one's policy. This will also be included in ImageMagick's more secure policies by default.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25965" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8jvj-p28h-9gm7", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8jvj-p28h-9gm7" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-09T10:31:14.340616Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775730672", "product_ids": [ "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775730672" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-26066", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile contain invalid IPTC data may cause an infinite loop when writing it with `IPTCTEXT`. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-26066" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v994-63cg-9wj3", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v994-63cg-9wj3" } ], "release_date": "2026-02-24T03:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-09T10:31:14.340616Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775730672", "product_ids": [ "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775730672" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-c++-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-dev-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-libs-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-perlmagick-doc-7.1.1.13.tuxcare.els6-rr0.x86_64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.aarch64", "Alpine-Linux-3.18:imagemagick-static-7.1.1.13.tuxcare.els6-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] } ] }