{
  "document": {
    "aggregate_severity": {
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      },
      {
        "category": "details",
        "text": "CVE-2026-32636: out-of-bounds write of a single zero byte in\n  ConvertUTF16ToUTF8 via NewXMLTree when resizing UTF-8 buffer",
        "title": "Details"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772",
        "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/centos8.5els/advisories/2026/clsa-2026_1776257772.json"
      }
    ],
    "tracking": {
      "current_release_date": "2026-04-15T23:12:09Z",
      "generator": {
        "date": "2026-04-15T23:12:09Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CLSA-2026:1776257772",
      "initial_release_date": "2026-04-15T12:56:14Z",
      "revision_history": [
        {
          "date": "2026-04-15T12:56:14Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-04-15T23:12:09Z",
          "number": "2",
          "summary": "Official Publication"
        }
      ],
      "status": "final",
      "version": "2"
    },
    "title": "ImageMagick: Fix of CVE-2026-32636"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Community Enterprise Operating System 8.5",
                "product": {
                  "name": "Community Enterprise Operating System 8.5",
                  "product_id": "CentOS-8.5",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:centos:centos:8.5:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Community Enterprise Operating System"
          }
        ],
        "category": "vendor",
        "name": "Red Hat, Inc."
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
                "product": {
                  "name": "ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
                  "product_id": "ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/ImageMagick-c++-devel@6.9.13.25-1.el8_5.tuxcare.els27?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
                "product": {
                  "name": "ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
                  "product_id": "ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/ImageMagick-perl@6.9.13.25-1.el8_5.tuxcare.els27?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
                "product": {
                  "name": "ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
                  "product_id": "ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/ImageMagick-c++@6.9.13.25-1.el8_5.tuxcare.els27?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
                "product": {
                  "name": "ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
                  "product_id": "ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/ImageMagick-doc@6.9.13.25-1.el8_5.tuxcare.els27?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
                "product": {
                  "name": "ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
                  "product_id": "ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/ImageMagick-devel@6.9.13.25-1.el8_5.tuxcare.els27?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
                "product": {
                  "name": "ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
                  "product_id": "ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/ImageMagick-djvu@6.9.13.25-1.el8_5.tuxcare.els27?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
                "product": {
                  "name": "ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
                  "product_id": "ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/ImageMagick-libs@6.9.13.25-1.el8_5.tuxcare.els27?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
                "product": {
                  "name": "ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
                  "product_id": "ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/ImageMagick@6.9.13.25-1.el8_5.tuxcare.els27?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "CloudLinux"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.5",
          "product_id": "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
        },
        "product_reference": "ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
        "relates_to_product_reference": "CentOS-8.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.5",
          "product_id": "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
        },
        "product_reference": "ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
        "relates_to_product_reference": "CentOS-8.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.5",
          "product_id": "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
        },
        "product_reference": "ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
        "relates_to_product_reference": "CentOS-8.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.5",
          "product_id": "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
        },
        "product_reference": "ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
        "relates_to_product_reference": "CentOS-8.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.5",
          "product_id": "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
        },
        "product_reference": "ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
        "relates_to_product_reference": "CentOS-8.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.5",
          "product_id": "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
        },
        "product_reference": "ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
        "relates_to_product_reference": "CentOS-8.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.5",
          "product_id": "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
        },
        "product_reference": "ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
        "relates_to_product_reference": "CentOS-8.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64 as a component of Community Enterprise Operating System 8.5",
          "product_id": "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
        },
        "product_reference": "ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
        "relates_to_product_reference": "CentOS-8.5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-25970",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "description",
          "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when processing a maliciously crafted SIXEL image file. The vulnerability occurs during buffer reallocation operations where pointer arithmetic using signed 32-bit integers overflows. Versions 7.1.2-15 and 6.9.13-40 contain a patch.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25970"
        },
        {
          "category": "external",
          "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xg29-8ghv-v4xr",
          "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xg29-8ghv-v4xr"
        }
      ],
      "release_date": "2026-02-24T02:16:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-15T12:56:14.988868Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772",
          "product_ids": [
            "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2026-30883",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "description",
          "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an extremely large image profile could result in a heap overflow when encoding a PNG image. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-30883"
        },
        {
          "category": "external",
          "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qmw5-2p58-xvrc",
          "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qmw5-2p58-xvrc"
        }
      ],
      "release_date": "2026-03-10T07:44:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-15T12:56:14.988868Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772",
          "product_ids": [
            "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2026-25966",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "description",
          "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped \"secure\" security policy includes a rule intended to prevent reading/writing from standard streams. However, ImageMagick also supports fd:<n> pseudo-filenames (e.g., fd:0, fd:1). Prior to versions 7.1.2-15 and 6.9.13-40, this path form is not blocked by the secure policy templates, and therefore bypasses the protection goal of \"no stdin/stdout.\" Versions 7.1.2-15 and 6.9.13-40 contain a patch by including a change to the more secure policies by default. As a workaround, add the change to one's security policy manually.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25966"
        },
        {
          "category": "external",
          "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xwc6-v6g8-pw2h",
          "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xwc6-v6g8-pw2h"
        }
      ],
      "release_date": "2026-02-24T02:16:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-15T12:56:14.988868Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772",
          "product_ids": [
            "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2025-62171",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "description",
          "text": "ImageMagick is an open source software suite for displaying, converting, and editing raster image files. In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32, an integer overflow vulnerability exists in the BMP decoder on 32-bit systems. The vulnerability occurs in coders/bmp.c when calculating the extent value by multiplying image columns by bits per pixel. On 32-bit systems with size_t of 4 bytes, a malicious BMP file with specific dimensions can cause this multiplication to overflow and wrap to zero. The overflow check added to address CVE-2025-57803 is placed after the overflow occurs, making it ineffective. A specially crafted 58-byte BMP file with width set to 536,870,912 and 32 bits per pixel can trigger this overflow, causing the bytes_per_line calculation to become zero. This vulnerability only affects 32-bit builds of ImageMagick where default resource limits for width, height, and area have been manually increased beyond their defaults. 64-bit systems with size_t of 8 bytes are not vulnerable, and systems using default ImageMagick resource limits are not vulnerable. The vulnerability is fixed in versions 7.1.2-7 and 6.9.13-32.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-62171"
        },
        {
          "category": "external",
          "summary": "https://github.com/ImageMagick/ImageMagick/commit/cea1693e2ded51b4cc91c70c54096cbed1691c00",
          "url": "https://github.com/ImageMagick/ImageMagick/commit/cea1693e2ded51b4cc91c70c54096cbed1691c00"
        },
        {
          "category": "external",
          "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9pp9-cfwx-54rm",
          "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9pp9-cfwx-54rm"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00019.html",
          "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00019.html"
        }
      ],
      "release_date": "2025-10-17T17:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-15T12:56:14.988868Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772",
          "product_ids": [
            "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2026-23952",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "description",
          "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing <comment> tags before images are loaded. This can lead to a DoS attack due to an assertion failure (debug builds) or a NULL pointer dereference (release builds). This issue is fixed in version 14.10.2.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-23952"
        },
        {
          "category": "external",
          "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8",
          "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8"
        },
        {
          "category": "external",
          "summary": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2",
          "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2"
        }
      ],
      "release_date": "2026-01-22T01:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-15T12:56:14.988868Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772",
          "product_ids": [
            "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2026-25796",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "notes": [
        {
          "category": "description",
          "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` Image object is not freed on three early-return paths, resulting in a definite memory leak (~13.5KB+ per invocation) that can be exploited for denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25796"
        },
        {
          "category": "external",
          "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g2pr-qxjg-7r2w",
          "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g2pr-qxjg-7r2w"
        }
      ],
      "release_date": "2026-02-24T01:16:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-15T12:56:14.988868Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772",
          "product_ids": [
            "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2026-32636",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "description",
          "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-17 and 6.9.13-42, the NewXMLTree method contains a bug that could result in a crash due to an out-of-bounds write of a single zero byte. Versions 7.1.2-17 and 6.9.13-42 fix the issue.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-32636"
        },
        {
          "category": "external",
          "summary": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-17",
          "url": "https://github.com/ImageMagick/ImageMagick/releases/tag/7.1.2-17"
        },
        {
          "category": "external",
          "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gc62-2v5p-qpmp",
          "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gc62-2v5p-qpmp"
        },
        {
          "category": "external",
          "summary": "https://github.com/dlemstra/Magick.NET/releases/tag/14.11.0",
          "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.11.0"
        }
      ],
      "release_date": "2026-03-18T21:16:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-15T12:56:14.988868Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772",
          "product_ids": [
            "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2026-27798",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing an image with small dimensions using the `-wavelet-denoise` operator. Versions 7.1.2-15 and 6.9.13-40 contain a patch.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-27798"
        },
        {
          "category": "external",
          "summary": "https://github.com/ImageMagick/ImageMagick/commit/0377e60b3c0d766bd7271221c95d9ee54f6a3738",
          "url": "https://github.com/ImageMagick/ImageMagick/commit/0377e60b3c0d766bd7271221c95d9ee54f6a3738"
        },
        {
          "category": "external",
          "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qpgx-jfcq-r59f",
          "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qpgx-jfcq-r59f"
        },
        {
          "category": "external",
          "summary": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3",
          "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3"
        }
      ],
      "release_date": "2026-02-26T00:16:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-15T12:56:14.988868Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772",
          "product_ids": [
            "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2026-26283",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition ('Infinite Loop')"
      },
      "notes": [
        {
          "category": "description",
          "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a `continue` statement in the JPEG extent binary search loop in the jpeg encoder causes an infinite loop when writing persistently fails. An attacker can trigger a 100% CPU consumption and process hang (Denial of Service) with a crafted image. Versions 7.1.2-15 and 6.9.13-40 contain a patch.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-26283"
        },
        {
          "category": "external",
          "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gwr3-x37h-h84v",
          "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gwr3-x37h-h84v"
        }
      ],
      "release_date": "2026-02-24T03:16:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-15T12:56:14.988868Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772",
          "product_ids": [
            "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2025-69204",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "description",
          "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, in the WriteSVGImage function, using an int variable to store number_attributes caused an integer overflow. This, in turn, triggered a buffer overflow and caused a DoS attack. Version 7.1.2-12 fixes the issue.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-69204"
        },
        {
          "category": "external",
          "summary": "https://github.com/ImageMagick/ImageMagick/commit/2c08c2311693759153c9aa99a6b2dcb5f985681e",
          "url": "https://github.com/ImageMagick/ImageMagick/commit/2c08c2311693759153c9aa99a6b2dcb5f985681e"
        },
        {
          "category": "external",
          "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hrh7-j8q2-4qcw",
          "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hrh7-j8q2-4qcw"
        }
      ],
      "release_date": "2025-12-30T17:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-15T12:56:14.988868Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772",
          "product_ids": [
            "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2025-55298",
      "cwe": {
        "id": "CWE-123",
        "name": "Write-what-where Condition"
      },
      "notes": [
        {
          "category": "description",
          "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code execution. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-55298"
        },
        {
          "category": "external",
          "summary": "https://github.com/ImageMagick/ImageMagick/commit/439b362b93c074eea6c3f834d84982b43ef057d5",
          "url": "https://github.com/ImageMagick/ImageMagick/commit/439b362b93c074eea6c3f834d84982b43ef057d5"
        },
        {
          "category": "external",
          "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9ccg-6pjw-x645",
          "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9ccg-6pjw-x645"
        },
        {
          "category": "external",
          "summary": "https://github.com/dlemstra/Magick.NET/releases/tag/14.8.1",
          "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.8.1"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html",
          "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html"
        }
      ],
      "release_date": "2025-08-26T18:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-15T12:56:14.988868Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772",
          "product_ids": [
            "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2026-25988",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "notes": [
        {
          "category": "description",
          "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, sometimes msl.c fails to update the stack index, so an image is stored in the wrong slot and never freed on error, causing leaks. Versions 7.1.2-15 and 6.9.13-40 contain a patch.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25988"
        },
        {
          "category": "external",
          "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-782x-jh29-9mf7",
          "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-782x-jh29-9mf7"
        }
      ],
      "release_date": "2026-02-24T02:16:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-15T12:56:14.988868Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772",
          "product_ids": [
            "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2026-25965",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
      },
      "notes": [
        {
          "category": "description",
          "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/* can be bypassed by a path traversal. The OS resolves the traversal and opens the sensitive file, but the policy matcher only sees the unnormalized path and therefore allows the read. This enables local file disclosure (LFI) even when policy-secure.xml is applied. Versions 7.1.2-15 and 6.9.13-40 take action to prevent reading from files. To make sure writing is also not possible, an additional rule should be added to one's policy; the rule itself is not reproduced in this text, see the upstream advisory GHSA-8jvj-p28h-9gm7. This rule will also be included in ImageMagick's more secure policies by default.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25965"
        },
        {
          "category": "external",
          "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8jvj-p28h-9gm7",
          "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8jvj-p28h-9gm7"
        }
      ],
      "release_date": "2026-02-24T02:16:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-15T12:56:14.988868Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772",
          "product_ids": [
            "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2025-55154",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "description",
          "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGImage (in coders/png.c) are unsafe and can overflow, leading to memory corruption. This issue has been patched in versions 6.9.13-27 and 7.1.2-1.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-55154"
        },
        {
          "category": "external",
          "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp29-wxp5-wh82",
          "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp29-wxp5-wh82"
        },
        {
          "category": "external",
          "summary": "https://goo.gle/bigsleep",
          "url": "https://goo.gle/bigsleep"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html",
          "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html"
        }
      ],
      "release_date": "2025-08-13T14:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-15T12:56:14.988868Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772",
          "product_ids": [
            "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2026-25798",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "description",
          "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted image file, resulting in denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25798"
        },
        {
          "category": "external",
          "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p863-5fgm-rgq4",
          "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p863-5fgm-rgq4"
        }
      ],
      "release_date": "2026-02-24T01:16:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-15T12:56:14.988868Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772",
          "product_ids": [
            "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2025-68618",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "notes": [
        {
          "category": "description",
          "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7.1.2-12 fixes the issue.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
          "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-68618"
        },
        {
          "category": "external",
          "summary": "https://github.com/ImageMagick/ImageMagick/commit/6f431d445f3ddd609c004a1dde617b0a73e60beb",
          "url": "https://github.com/ImageMagick/ImageMagick/commit/6f431d445f3ddd609c004a1dde617b0a73e60beb"
        },
        {
          "category": "external",
          "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p27m-hp98-6637",
          "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p27m-hp98-6637"
        }
      ],
      "release_date": "2025-12-30T17:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-15T12:56:14.988868Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772",
          "product_ids": [
            "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776257772"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.5:ImageMagick-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-c++-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-devel-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-djvu-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-doc-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-libs-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64",
            "CentOS-8.5:ImageMagick-perl-0:6.9.13.25-1.el8_5.tuxcare.els27.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    }
  ]
}