{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "* SECURITY UPDATE: denial-of-service via division-by-zero in image loading\n - debian/patches/CVE-2026-25799.patch: Fix sampling-factor validation by\n replacing incorrect AND with OR in horizontal/vertical axis checks and\n prevent acceptance of invalid sampling caused by flawed boolean logic.\n - CVE-2026-25799\n * SECURITY UPDATE: Null pointer dereference in ClonePixelCacheRepository\n resulting in denial-of-service\n - debian/patches/CVE-2026-25798.patch: Add overflow sanity check in\n OpenPixelCache and reset cache storage class and length before throwing\n on allocation failure\n - CVE-2026-25798\n * SECURITY UPDATE: memory leak in ReadSTEGANOImage that can be exploited for\n denial-of-service\n - debian/patches/CVE-2026-25796.patch: free watermark object on three\n early-return paths\n - CVE-2026-25796\n * SECURITY UPDATE: a crafted profile contain invalid IPTC data may cause an\n infinite loop when writing it with `IPTCTEXT`\n - debian/patches/CVE-2026-26066.patch: replace `c=0` with\n `c=ReadBlobByte(ifile)` in formatIPTC so the loop advances past an\n unrecognised tag instead of spinning forever\n - CVE-2026-26066", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773308764", "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773308764" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/ubuntu16.04els/advisories/2026/clsa-2026_1773308764.json" } ], "tracking": { "current_release_date": "2026-03-12T09:47:20Z", "generator": { "date": "2026-03-12T09:47:20Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2026:1773308764", "initial_release_date": "2026-03-12T09:47:20Z", "revision_history": [ { "date": "2026-03-12T09:47:20Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "Fix CVE(s): CVE-2026-25796, CVE-2026-25798, CVE-2026-25799, CVE-2026-26066" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Ubuntu 16.04", "product": { "name": "Ubuntu 16.04", "product_id": "Ubuntu-16", "product_identification_helper": { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" } } } ], "category": "product_family", "name": "Ubuntu" } ], "category": "vendor", "name": "Canonical Ltd." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product": { "name": "libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product_id": "libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libmagickcore-6-arch-config@6.8.9.9-7ubuntu5.17%2Btuxcare.els33?arch=amd64" } } }, { "category": "product_version", "name": "libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product": { "name": "libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product_id": "libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libmagick++-6.q16-dev@6.8.9.9-7ubuntu5.17%2Btuxcare.els33?arch=amd64" } } }, { "category": "product_version", "name": "libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product": { "name": "libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product_id": "libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libmagick++-6.q16-5v5@6.8.9.9-7ubuntu5.17%2Btuxcare.els33?arch=amd64" } } }, { "category": "product_version", "name": "imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product": { "name": "imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product_id": "imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/imagemagick@6.8.9.9-7ubuntu5.17%2Btuxcare.els33?arch=amd64" } } }, { "category": "product_version", "name": "libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product": { "name": "libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product_id": "libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libmagickwand-6.q16-dev@6.8.9.9-7ubuntu5.17%2Btuxcare.els33?arch=amd64" } } }, { "category": "product_version", "name": "libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product": { "name": "libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product_id": "libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libmagickcore-6.q16-dev@6.8.9.9-7ubuntu5.17%2Btuxcare.els33?arch=amd64" } } }, { "category": "product_version", "name": "imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product": { "name": "imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product_id": "imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/imagemagick-6.q16@6.8.9.9-7ubuntu5.17%2Btuxcare.els33?arch=amd64" } } }, { "category": "product_version", "name": "libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product": { "name": "libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product_id": "libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libmagickcore-6.q16-2@6.8.9.9-7ubuntu5.17%2Btuxcare.els33?arch=amd64" } } }, { "category": "product_version", "name": "libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product": { "name": "libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product_id": "libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libmagickcore-6.q16-2-extra@6.8.9.9-7ubuntu5.17%2Btuxcare.els33?arch=amd64" } } }, { "category": "product_version", "name": "libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product": { "name": "libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product_id": "libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libimage-magick-q16-perl@6.8.9.9-7ubuntu5.17%2Btuxcare.els33?arch=amd64" } } }, { "category": "product_version", "name": "libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product": { "name": "libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product_id": "libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libmagickwand-6.q16-2@6.8.9.9-7ubuntu5.17%2Btuxcare.els33?arch=amd64" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "product": { "name": "imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "product_id": "imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/imagemagick-common@6.8.9.9-7ubuntu5.17%2Btuxcare.els33?arch=all" } } }, { "category": "product_version", "name": "libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "product": { "name": "libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "product_id": "libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libmagickwand-dev@6.8.9.9-7ubuntu5.17%2Btuxcare.els33?arch=all" } } }, { "category": "product_version", "name": "libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "product": { "name": "libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "product_id": "libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libmagick++-dev@6.8.9.9-7ubuntu5.17%2Btuxcare.els33?arch=all" } } }, { "category": "product_version", "name": "perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "product": { "name": "perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "product_id": "perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/perlmagick@6.8.9.9-7ubuntu5.17%2Btuxcare.els33?arch=all" } } }, { "category": "product_version", "name": "libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "product": { "name": "libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "product_id": "libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libmagickcore-dev@6.8.9.9-7ubuntu5.17%2Btuxcare.els33?arch=all" } } }, { "category": "product_version", "name": "libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "product": { "name": "libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "product_id": "libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libimage-magick-perl@6.8.9.9-7ubuntu5.17%2Btuxcare.els33?arch=all" } } }, { "category": "product_version", "name": "libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "product": { "name": "libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "product_id": "libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libmagickwand-6-headers@6.8.9.9-7ubuntu5.17%2Btuxcare.els33?arch=all" } } }, { "category": "product_version", "name": "imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "product": { "name": "imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "product_id": "imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/imagemagick-doc@6.8.9.9-7ubuntu5.17%2Btuxcare.els33?arch=all" } } }, { "category": "product_version", "name": "libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "product": { "name": "libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "product_id": "libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libmagick++-6-headers@6.8.9.9-7ubuntu5.17%2Btuxcare.els33?arch=all" } } }, { "category": "product_version", "name": "libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "product": { "name": "libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "product_id": "libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libmagickcore-6-headers@6.8.9.9-7ubuntu5.17%2Btuxcare.els33?arch=all" } } } ], "category": "architecture", "name": "all" } ], "category": "vendor", "name": "CloudLinux" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64" }, "product_reference": "libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64" }, "product_reference": "libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all" }, "product_reference": "imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all" }, "product_reference": "libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64" }, "product_reference": "libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all" }, "product_reference": "libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all" }, "product_reference": "perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all" }, "product_reference": "libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all" }, "product_reference": "libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64" }, "product_reference": "imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64" }, "product_reference": "libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all" }, "product_reference": "libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all" }, "product_reference": "imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64" }, "product_reference": "libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64" }, "product_reference": "imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all" }, "product_reference": "libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64" }, "product_reference": "libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all" }, "product_reference": "libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64" }, "product_reference": "libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64" }, "product_reference": "libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64" }, "product_reference": "libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "relates_to_product_reference": "Ubuntu-16" } ] }, "vulnerabilities": [ { "cve": "CVE-2026-25799", "cwe": { "id": "CWE-369", "name": "Divide By Zero" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image loading, resulting in a reliable denial-of-service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25799" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-543g-8grm-9cw6", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-543g-8grm-9cw6" } ], "release_date": "2026-02-24T01:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-12T09:46:06.807158Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773308764", "product_ids": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773308764" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-25796", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` Image object is not freed on three early-return paths, resulting in a definite memory leak (~13.5KB+ per invocation) that can be exploited for denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25796" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g2pr-qxjg-7r2w", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g2pr-qxjg-7r2w" } ], "release_date": "2026-02-24T01:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-12T09:46:06.807158Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773308764", "product_ids": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773308764" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-25798", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted image file, resulting in denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25798" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p863-5fgm-rgq4", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p863-5fgm-rgq4" } ], "release_date": "2026-02-24T01:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-12T09:46:06.807158Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773308764", "product_ids": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773308764" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-26066", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile contain invalid IPTC data may cause an infinite loop when writing it with `IPTCTEXT`. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-26066" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v994-63cg-9wj3", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v994-63cg-9wj3" } ], "release_date": "2026-02-24T03:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-12T09:46:06.807158Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773308764", "product_ids": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773308764" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els33.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] } ] }