{ "document": { "aggregate_severity": { "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "CVE-2026-25797: fix PostScript/HTML code injection via unsanitized filenames\n- CVE-2026-25982: fix heap out-of-bounds read in DICOM colormap decoder\n- CVE-2026-25968: fix stack buffer overflow in MSL opacity attribute processing\n- CVE-2026-25986: fix heap buffer overflow write in YUV 4:2:2 decoder\n- CVE-2026-25987: fix heap buffer over-read in MAP image decoder\n- CVE-2026-25970: fix signed integer overflow in SIXEL decoder\n- CVE-2026-23952: fix NULL pointer dereference in MSL comment/label handlers\n- CVE-2026-30883: fix heap buffer overflow in PNG profile writer\n- CVE-2026-25988: fix MSL stack index not updated causing memory leak\n- CVE-2026-27798: fix heap buffer over-read in WaveletDenoiseImage\n- CVE-2026-25965: fix path traversal bypassing security policy", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773923672", "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773923672" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/oraclelinux7els/advisories/2026/clsa-2026_1773923672.json" } ], "tracking": { "current_release_date": "2026-03-19T12:36:19Z", "generator": { "date": "2026-03-19T12:36:19Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2026:1773923672", "initial_release_date": "2026-03-19T12:36:19Z", "revision_history": [ { "date": "2026-03-19T12:36:19Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "ImageMagick: Fix of 11 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Linux 7", "product": { "name": "Oracle Linux 7", "product_id": "Oracle-Linux-7", "product_identification_helper": { "cpe": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Oracle Linux" } ], "category": "vendor", "name": "Oracle Corporation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "product": { "name": "ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "product_id": "ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/ImageMagick@6.9.10.68-7.0.3.el7_9.tuxcare.els6?arch=x86_64" } } }, { "category": "product_version", "name": "ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "product": { "name": "ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "product_id": "ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/ImageMagick-c++-devel@6.9.10.68-7.0.3.el7_9.tuxcare.els6?arch=x86_64" } } }, { "category": "product_version", "name": "ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "product": { "name": "ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "product_id": "ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/ImageMagick-perl@6.9.10.68-7.0.3.el7_9.tuxcare.els6?arch=x86_64" } } }, { "category": "product_version", "name": "ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "product": { "name": "ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "product_id": "ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/ImageMagick-c++@6.9.10.68-7.0.3.el7_9.tuxcare.els6?arch=x86_64" } } }, { "category": "product_version", "name": "ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "product": { "name": "ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "product_id": "ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/ImageMagick-devel@6.9.10.68-7.0.3.el7_9.tuxcare.els6?arch=x86_64" } } }, { "category": "product_version", "name": "ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "product": { "name": "ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "product_id": "ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/ImageMagick-doc@6.9.10.68-7.0.3.el7_9.tuxcare.els6?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "product": { "name": "ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "product_id": "ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/ImageMagick@6.9.10.68-7.0.3.el7_9.tuxcare.els6?arch=i686" } } }, { "category": "product_version", "name": "ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "product": { "name": "ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "product_id": "ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/ImageMagick-c++-devel@6.9.10.68-7.0.3.el7_9.tuxcare.els6?arch=i686" } } }, { "category": "product_version", "name": "ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "product": { "name": "ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "product_id": "ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/ImageMagick-c++@6.9.10.68-7.0.3.el7_9.tuxcare.els6?arch=i686" } } }, { "category": "product_version", "name": "ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "product": { "name": "ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "product_id": "ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/ImageMagick-devel@6.9.10.68-7.0.3.el7_9.tuxcare.els6?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" }, "product_reference": "ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686" }, "product_reference": "ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" }, "product_reference": "ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686" }, "product_reference": "ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" }, "product_reference": "ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" }, "product_reference": "ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686" }, "product_reference": "ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" }, "product_reference": "ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686" }, "product_reference": "ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" }, "product_reference": "ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "relates_to_product_reference": "Oracle-Linux-7" } ] }, "vulnerabilities": [ { "cve": "CVE-2026-25970", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when processing a maliciously crafted SIXEL image file. The vulnerability occurs during buffer reallocation operations where pointer arithmetic using signed 32-bit integers overflows. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25970" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xg29-8ghv-v4xr", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xg29-8ghv-v4xr" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-19T12:34:35.200035Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773923672", "product_ids": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773923672" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-25986", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer overflow write vulnerability exists in ReadYUVImage() (coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. The pixel-pair loop writes one pixel beyond the allocated row buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25986" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mqfc-82jx-3mr2", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mqfc-82jx-3mr2" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-19T12:34:35.200035Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773923672", "product_ids": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773923672" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2026-30883", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an extremely large image profile could result in a heap overflow when encoding a PNG image. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-30883" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qmw5-2p58-xvrc", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qmw5-2p58-xvrc" } ], "release_date": "2026-03-10T07:44:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-19T12:34:35.200035Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773923672", "product_ids": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773923672" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-25968", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a stack buffer overflow occurs when processing the an attribute in msl.c. A long value overflows a fixed-size stack buffer, leading to memory corruption. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25968" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3mwp-xqp2-q6ph", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3mwp-xqp2-q6ph" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-19T12:34:35.200035Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773923672", "product_ids": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773923672" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2026-23952", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing tags before images are loaded. This can lead to DoS attack due to assertion failure (debug builds) or NULL pointer dereference (release builds). This issue is fixed in version 14.10.2.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-23952" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8" }, { "category": "external", "summary": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2", "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2" } ], "release_date": "2026-01-22T01:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-19T12:34:35.200035Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773923672", "product_ids": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773923672" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-25987", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory disclosure during image decoding. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25987" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-42p5-62qq-mmh7", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-42p5-62qq-mmh7" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-19T12:34:35.200035Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773923672", "product_ids": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773923672" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2026-25797", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code ('Code Injection')" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, fails to sanitize the input before writing it into the PostScript header. An attacker can provide a malicous file and inject arbitrary PostScript code. When the resulting file is processed by a printer or a viewer (like Ghostscript), the injected code is interpreted and executed. The html encoder does not properly escape strings that are written to in the html document. An attacker can provide a malicious file and injection arbitrary html code. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25797" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rw6c-xp26-225v", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rw6c-xp26-225v" } ], "release_date": "2026-02-24T01:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-19T12:34:35.200035Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773923672", "product_ids": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773923672" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2026-27798", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing an image with small dimension using the `-wavelet-denoise` operator. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-27798" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/commit/0377e60b3c0d766bd7271221c95d9ee54f6a3738", "url": "https://github.com/ImageMagick/ImageMagick/commit/0377e60b3c0d766bd7271221c95d9ee54f6a3738" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qpgx-jfcq-r59f", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qpgx-jfcq-r59f" }, { "category": "external", "summary": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3", "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3" } ], "release_date": "2026-02-26T00:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-19T12:34:35.200035Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773923672", "product_ids": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773923672" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-25988", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, sometimes msl.c fails to update the stack index, so an image is stored in the wrong slot and never freed on error, causing leaks. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25988" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-782x-jh29-9mf7", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-782x-jh29-9mf7" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-19T12:34:35.200035Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773923672", "product_ids": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773923672" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-25965", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/* can be bypassed by a path traversal. The OS resolves the traversal and opens the sensitive file, but the policy matcher only sees the unnormalized path and therefore allows the read. This enables local file disclosure (LFI) even when policy-secure.xml is applied. Actions to prevent reading from files have been taken in versions .7.1.2-15 and 6.9.13-40 But it make sure writing is also not possible the following should be added to one's policy. This will also be included in ImageMagick's more secure policies by default.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25965" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8jvj-p28h-9gm7", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8jvj-p28h-9gm7" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-19T12:34:35.200035Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773923672", "product_ids": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773923672" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-25982", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap out-of-bounds read vulnerability exists in the `coders/dcm.c` module. When processing DICOM files with a specific configuration, the decoder loop incorrectly reads bytes per iteration. This causes the function to read past the end of the allocated buffer, potentially leading to a Denial of Service (crash) or Information Disclosure (leaking heap memory into the image). Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25982" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pmq6-8289-hx3v", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pmq6-8289-hx3v" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-19T12:34:35.200035Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773923672", "product_ids": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773923672" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" }, "products": [ "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686", "Oracle-Linux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64", "Oracle-Linux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] } ] }