{ "document": { "aggregate_severity": { "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "* SECURITY UPDATE: fix vulnerability in image handling\n - debian/patches/CVE-2025-53101.patch: fix vulnerability in image handling\n - CVE-2025-53101\n * SECURITY UPDATE: fix vulnerability in image handling\n - debian/patches/CVE-2025-53014.patch: fix vulnerability in image handling\n - CVE-2025-53014\n * SECURITY UPDATE: fix heap-based buffer overflow in blob handling\n - debian/patches/CVE-2025-57807.patch: fix heap-based buffer overflow in blob handling\n - CVE-2025-57807\n * SECURITY UPDATE: fix heap-based buffer overflow in XBM coder\n - debian/patches/CVE-2026-23876.patch: fix heap-based buffer overflow in XBM coder\n - CVE-2026-23876\n * SECURITY UPDATE: fix buffer overflow in SUN coder\n - debian/patches/CVE-2026-25897.patch: fix buffer overflow in SUN coder\n - CVE-2026-25897\n * SECURITY UPDATE: fix buffer overflow in PCD coder\n - debian/patches/CVE-2026-26284.patch: fix buffer overflow in PCD coder\n - CVE-2026-26284\n * SECURITY UPDATE: fix vulnerability in MSL coder\n - debian/patches/CVE-2026-25968.patch: fix vulnerability in MSL coder\n - CVE-2026-25968\n * SECURITY UPDATE: fix buffer overflow in YUV coder\n - debian/patches/CVE-2026-25986.patch: fix buffer overflow in YUV coder\n - CVE-2026-25986\n * SECURITY UPDATE: fix buffer overflow in MAP coder\n - debian/patches/CVE-2026-25987.patch: fix buffer overflow in MAP coder\n - CVE-2026-25987\n * SECURITY UPDATE: fix buffer overflow in UIL and XPM coders\n - debian/patches/CVE-2026-25898.patch: fix buffer overflow in UIL and XPM coders\n - CVE-2026-25898\n * SECURITY UPDATE: fix heap-use-after-free in MSL coder\n - debian/patches/CVE-2026-25983.patch: fix heap-use-after-free in MSL coder\n - CVE-2026-25983\n * SECURITY UPDATE: fix stack overflow via infinite recursion in MSL, SVG, and draw handling\n - debian/patches/CVE-2026-25971.patch: fix stack overflow via infinite recursion in MSL, SVG, and draw handling\n - CVE-2026-25971", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776180138", "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776180138" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/debian10els/advisories/2026/clsa-2026_1776180138.json" } ], "tracking": { "current_release_date": "2026-04-14T15:24:45Z", "generator": { "date": "2026-04-14T15:24:45Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2026:1776180138", "initial_release_date": "2026-04-14T15:24:45Z", "revision_history": [ { "date": "2026-04-14T15:24:45Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "Fix of 12 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Debian None", "product": { "name": "Debian None", "product_id": "Debian-10", "product_identification_helper": { "cpe": "cpe:2.3:o:debian:debian_linux:10:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Debian" } ], "category": "vendor", "name": "Software in the Public Interest, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product": { "name": "libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_id": "libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libmagick++-6.q16hdri-dev@6.9.10.23%2Bdfsg-2.1%2Bdeb10u7%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product": { "name": "libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_id": "libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libmagickcore-6.q16hdri-dev@6.9.10.23%2Bdfsg-2.1%2Bdeb10u7%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product": { "name": "libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_id": "libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libimage-magick-q16-perl@6.9.10.23%2Bdfsg-2.1%2Bdeb10u7%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product": { "name": "libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_id": "libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libmagick++-6.q16-8@6.9.10.23%2Bdfsg-2.1%2Bdeb10u7%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product": { "name": "imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_id": "imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/imagemagick@6.9.10.23%2Bdfsg-2.1%2Bdeb10u7%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product": { "name": "libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_id": "libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libmagick++-6.q16hdri-8@6.9.10.23%2Bdfsg-2.1%2Bdeb10u7%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product": { "name": "libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_id": "libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libimage-magick-q16hdri-perl@6.9.10.23%2Bdfsg-2.1%2Bdeb10u7%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product": { "name": "libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_id": "libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libmagickcore-6-arch-config@6.9.10.23%2Bdfsg-2.1%2Bdeb10u7%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product": { "name": "libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_id": "libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libmagickwand-6.q16hdri-6@6.9.10.23%2Bdfsg-2.1%2Bdeb10u7%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product": { "name": "libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_id": "libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libmagickcore-6.q16-dev@6.9.10.23%2Bdfsg-2.1%2Bdeb10u7%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product": { "name": "libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_id": "libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libmagickwand-6.q16-dev@6.9.10.23%2Bdfsg-2.1%2Bdeb10u7%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product": { "name": "libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_id": "libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libmagick++-6.q16-dev@6.9.10.23%2Bdfsg-2.1%2Bdeb10u7%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product": { "name": "libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_id": "libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libmagickcore-6.q16hdri-6@6.9.10.23%2Bdfsg-2.1%2Bdeb10u7%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product": { "name": "libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_id": "libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libmagickwand-6.q16-6@6.9.10.23%2Bdfsg-2.1%2Bdeb10u7%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product": { "name": "imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_id": "imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/imagemagick-6.q16hdri@6.9.10.23%2Bdfsg-2.1%2Bdeb10u7%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product": { "name": "libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_id": "libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libmagickcore-6.q16hdri-6-extra@6.9.10.23%2Bdfsg-2.1%2Bdeb10u7%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product": { "name": "libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_id": "libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libmagickwand-6.q16hdri-dev@6.9.10.23%2Bdfsg-2.1%2Bdeb10u7%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product": { "name": "imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_id": "imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/imagemagick-6.q16@6.9.10.23%2Bdfsg-2.1%2Bdeb10u7%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product": { "name": "libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_id": "libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libmagickcore-6.q16-6@6.9.10.23%2Bdfsg-2.1%2Bdeb10u7%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product": { "name": "libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_id": "libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libmagickcore-6.q16-6-extra@6.9.10.23%2Bdfsg-2.1%2Bdeb10u7%2Btuxcare.els1?arch=amd64" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product": { "name": "perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product_id": "perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product_identification_helper": { "purl": "pkg:deb/tuxcare/perlmagick@6.9.10.23%2Bdfsg-2.1%2Bdeb10u7%2Btuxcare.els1?arch=all" } } }, { "category": "product_version", "name": "libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product": { "name": "libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product_id": "libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libmagick++-dev@6.9.10.23%2Bdfsg-2.1%2Bdeb10u7%2Btuxcare.els1?arch=all" } } }, { "category": "product_version", "name": "libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product": { "name": "libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product_id": "libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libmagickcore-6-headers@6.9.10.23%2Bdfsg-2.1%2Bdeb10u7%2Btuxcare.els1?arch=all" } } }, { "category": "product_version", "name": "libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product": { "name": "libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product_id": "libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libmagick++-6-headers@6.9.10.23%2Bdfsg-2.1%2Bdeb10u7%2Btuxcare.els1?arch=all" } } }, { "category": "product_version", "name": "libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product": { "name": "libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product_id": "libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libmagickwand-dev@6.9.10.23%2Bdfsg-2.1%2Bdeb10u7%2Btuxcare.els1?arch=all" } } }, { "category": "product_version", "name": "imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product": { "name": "imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product_id": "imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product_identification_helper": { "purl": "pkg:deb/tuxcare/imagemagick-6-doc@6.9.10.23%2Bdfsg-2.1%2Bdeb10u7%2Btuxcare.els1?arch=all" } } }, { "category": "product_version", "name": "libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product": { "name": "libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product_id": "libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libmagickcore-dev@6.9.10.23%2Bdfsg-2.1%2Bdeb10u7%2Btuxcare.els1?arch=all" } } }, { "category": "product_version", "name": "imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product": { "name": "imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product_id": "imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product_identification_helper": { "purl": "pkg:deb/tuxcare/imagemagick-common@6.9.10.23%2Bdfsg-2.1%2Bdeb10u7%2Btuxcare.els1?arch=all" } } }, { "category": "product_version", "name": "libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product": { "name": "libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product_id": "libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libimage-magick-perl@6.9.10.23%2Bdfsg-2.1%2Bdeb10u7%2Btuxcare.els1?arch=all" } } }, { "category": "product_version", "name": "imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product": { "name": "imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product_id": "imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product_identification_helper": { "purl": "pkg:deb/tuxcare/imagemagick-6-common@6.9.10.23%2Bdfsg-2.1%2Bdeb10u7%2Btuxcare.els1?arch=all" } } }, { "category": "product_version", "name": "libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product": { "name": "libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product_id": "libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libmagickwand-6-headers@6.9.10.23%2Bdfsg-2.1%2Bdeb10u7%2Btuxcare.els1?arch=all" } } }, { "category": "product_version", "name": "imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product": { "name": "imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product_id": "imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "product_identification_helper": { "purl": "pkg:deb/tuxcare/imagemagick-doc@6.9.10.23%2Bdfsg-2.1%2Bdeb10u7%2Btuxcare.els1?arch=all" } } } ], "category": "architecture", "name": "all" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64" }, "product_reference": "libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64" }, "product_reference": "libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all as a component of Debian None", "product_id": "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" }, "product_reference": "perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64" }, "product_reference": "libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64" }, "product_reference": "libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all as a component of Debian None", "product_id": "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" }, "product_reference": "libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64" }, "product_reference": "imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64" }, "product_reference": "libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64" }, "product_reference": "libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64" }, "product_reference": "libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64" }, "product_reference": "libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all as a component of Debian None", "product_id": "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" }, "product_reference": "libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64" }, "product_reference": "libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all as a component of Debian None", "product_id": "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" }, "product_reference": "libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all as a component of Debian None", "product_id": "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" }, "product_reference": "libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64" }, "product_reference": "libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64" }, "product_reference": "libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all as a component of Debian None", "product_id": "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" }, "product_reference": "imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all as a component of Debian None", "product_id": "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" }, "product_reference": "libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all as a component of Debian None", "product_id": "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" }, "product_reference": "imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64" }, "product_reference": "libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all as a component of Debian None", "product_id": "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" }, "product_reference": "libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64" }, "product_reference": "libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64" }, "product_reference": "imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all as a component of Debian None", "product_id": "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" }, "product_reference": "imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64" }, "product_reference": "libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64" }, "product_reference": "libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64" }, "product_reference": "imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all as a component of Debian None", "product_id": "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" }, "product_reference": "libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64" }, "product_reference": "libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64" }, "product_reference": "libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all as a component of Debian None", "product_id": "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" }, "product_reference": "imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "relates_to_product_reference": "Debian-10" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-57807", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset ≫ extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2⁶⁴ arithmetic wrap, external delegates, or policy settings are required. This is fixed in version 14.8.2.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-57807" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/commit/077a417a19a5ea8c85559b602754a5b928eef23e", "url": "https://github.com/ImageMagick/ImageMagick/commit/077a417a19a5ea8c85559b602754a5b928eef23e" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-23hg-53q6-hqfg", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-23hg-53q6-hqfg" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html", "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html" } ], "release_date": "2025-09-05T22:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T15:22:21.160342Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776180138", "product_ids": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776180138" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2026-25986", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer overflow write vulnerability exists in ReadYUVImage() (coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. The pixel-pair loop writes one pixel beyond the allocated row buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25986" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mqfc-82jx-3mr2", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mqfc-82jx-3mr2" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T15:22:21.160342Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776180138", "product_ids": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776180138" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2026-25968", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a stack buffer overflow occurs when processing the an attribute in msl.c. A long value overflows a fixed-size stack buffer, leading to memory corruption. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25968" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3mwp-xqp2-q6ph", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3mwp-xqp2-q6ph" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T15:22:21.160342Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776180138", "product_ids": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776180138" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2026-25897", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an Integer Overflow vulnerability exists in the sun decoder. On 32-bit systems/builds, a carefully crafted image can lead to an out of bounds heap write. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25897" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6j5f-24fw-pqp4", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6j5f-24fw-pqp4" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T15:22:21.160342Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776180138", "product_ids": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776180138" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2026-25987", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory disclosure during image decoding. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25987" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-42p5-62qq-mmh7", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-42p5-62qq-mmh7" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T15:22:21.160342Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776180138", "product_ids": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776180138" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2026-25971", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs, leading to a stack overflow. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25971" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8mpr-6xr2-chhc", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8mpr-6xr2-chhc" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T15:22:21.160342Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776180138", "product_ids": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776180138" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2025-53101", "cwe": { "id": "CWE-124", "name": "Buffer Underwrite ('Buffer Underflow')" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()`. Versions 7.1.2-0 and 6.9.13-26 fix the issue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-53101" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774", "url": "https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html", "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html" } ], "release_date": "2025-07-14T20:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T15:22:21.160342Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776180138", "product_ids": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776180138" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2026-25967", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to a crash. Version 7.1.2-15 contains a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25967" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-72hf-fj62-w6j4", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-72hf-fj62-w6j4" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T15:22:21.160342Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776180138", "product_ids": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776180138" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-26284", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huffman-coded data from PCD (Photo CD) files. The decoder contains an function that has an incorrect initialization that could cause an out of bounds read. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-26284" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wrhr-rf8j-r842", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wrhr-rf8j-r842" } ], "release_date": "2026-02-24T03:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T15:22:21.160342Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776180138", "product_ids": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776180138" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2025-53014", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs (`%%`). Versions 7.1.2-0 and 6.9.13-26 fix the issue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-53014" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hm4x-r5hc-794f", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hm4x-r5hc-794f" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html", "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html" } ], "release_date": "2025-07-14T18:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T15:22:21.160342Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776180138", "product_ids": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776180138" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2026-23876", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder (ReadXBMImage) allows an attacker to write controlled data past the allocated heap buffer when processing a maliciously crafted image file. Any operation that reads or identifies an image can trigger the overflow, making it exploitable via common image upload and processing pipelines. Versions 7.1.2-13 and 6.9.13-38 fix the issue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-23876" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/commit/2fae24192b78fdfdd27d766fd21d90aeac6ea8b8", "url": "https://github.com/ImageMagick/ImageMagick/commit/2fae24192b78fdfdd27d766fd21d90aeac6ea8b8" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r49w-jqq3-3gx8", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r49w-jqq3-3gx8" } ], "release_date": "2026-01-20T01:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T15:22:21.160342Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776180138", "product_ids": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776180138" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2026-25983", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it, leading to a UAF in ReadBlobString during further parsing. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25983" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwqw-2x5x-w566", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwqw-2x5x-w566" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T15:22:21.160342Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776180138", "product_ids": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776180138" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2026-22770", "cwe": { "id": "CWE-763", "name": "Release of Invalid Pointer or Reference" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the last element in the set is not properly initialized. This will result in a release of an invalid pointer inside DestroyBilateralTLS when the memory allocation fails. Version 7.1.2-13 contains a patch for the issue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-22770" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/commit/3e0330721020e0c5bb52e4b77c347527dd71658e", "url": "https://github.com/ImageMagick/ImageMagick/commit/3e0330721020e0c5bb52e4b77c347527dd71658e" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-39h3-g67r-7g3c", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-39h3-g67r-7g3c" } ], "release_date": "2026-01-20T01:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T15:22:21.160342Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776180138", "product_ids": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776180138" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2026-25898", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by `GetPixelIndex()` before using it as an array subscript. In HDRI builds, `Quantum` is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger a global buffer overflow read during conversion, leading to information disclosure or a process crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25898" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vpxv-r9pg-7gpr", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vpxv-r9pg-7gpr" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T15:22:21.160342Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776180138", "product_ids": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776180138" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Debian-10:imagemagick-6-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-6.q16-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-6.q16hdri-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:imagemagick-common-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:imagemagick-doc-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libimage-magick-q16-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libimage-magick-q16hdri-perl-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagick++-6.q16-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-8-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagick++-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6-arch-config-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickcore-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-6-extra-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickcore-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6-headers-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:libmagickwand-6.q16-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-6-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-6.q16hdri-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.amd64", "Debian-10:libmagickwand-dev-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all", "Debian-10:perlmagick-8:6.9.10.23+dfsg-2.1+deb10u7+tuxcare.els1.all" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] } ] }