{ "document": { "aggregate_severity": { "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "* SECURITY UPDATE: stack buffer overflow in msl.c (attribute handling),\n path traversal bypass of security policy, XSS in HTML coder output,\n and MSL attribute overflow\n - debian/patches/CVE-2026-25797_CVE-2026-25965_CVE-2026-25968_CVE-2026-25982.patch: Fix memory leaks,\n stack overflows, integer overflows and out‑of‑bounds reads; add bounds\n checks, validate DCM entry sizes, sanitize PostScript filenames,\n canonicalize paths and free resources; escape user-controlled strings\n written as raw HTML in the HTML coder; cause was unsafe header and\n filename parsing, incorrect assumptions about byte counts, path\n resolution, unnormalized path matching allowing policy bypass, and\n unescaped HTML output enabling cross-site scripting.\n - CVE-2026-25797\n - CVE-2026-25965\n - CVE-2026-25968\n - CVE-2026-25982\n * SECURITY UPDATE: null pointer dereference in msl.c (repage/roll handlers)\n - debian/patches/CVE-2026-25983.patch: move image null‑checks before\n accessing image attributes in the repage and roll MSL tag handlers;\n cause was dereferencing the image pointer for page geometry and\n dimensions before verifying the image was defined.\n - CVE-2026-25983\n * SECURITY UPDATE: infinite recursion via crafted MSL/SVG/MVG files\n - debian/patches/CVE-2026-25971.patch: add global Splay tree guards in\n MSL and SVG coders to detect and reject recursive image references;\n block dangerous protocols (ftp, http, mvg, vid) in DrawPrimitive;\n cause was unbounded recursion through nested image reads.\n - CVE-2026-25971\n * SECURITY UPDATE: null pointer dereference in msl.c (comment/label handlers)\n - debian/patches/CVE-2026-23952.patch: add image null-checks before\n accessing image properties in the comment and label MSL end-element\n handlers; cause was dereferencing the image pointer for\n DeleteImageProperty before verifying the image was defined.\n - CVE-2026-23952\n * SECURITY UPDATE: MSLPushImage return value not captured\n - debian/patches/CVE-2026-25988.patch: change MSLPushImage to return\n the new image index and capture the return value in the MSL image\n tag handler; cause was the local index variable not being updated\n after pushing a new image onto the stack.\n - CVE-2026-25988", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1774010344", "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1774010344" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/ubuntu16.04els/advisories/2026/clsa-2026_1774010344.json" } ], "tracking": { "current_release_date": "2026-03-20T12:40:48Z", "generator": { "date": "2026-03-20T12:40:48Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2026:1774010344", "initial_release_date": "2026-03-20T12:40:48Z", "revision_history": [ { "date": "2026-03-20T12:40:48Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "Fix of 8 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Ubuntu 16.04", "product": { "name": "Ubuntu 16.04", "product_id": "Ubuntu-16", "product_identification_helper": { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" } } } ], "category": "product_family", "name": "Ubuntu" } ], "category": "vendor", "name": "Canonical Ltd." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "product": { "name": "imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "product_id": "imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/imagemagick-doc@6.8.9.9-7ubuntu5.17%2Btuxcare.els39?arch=all" } } }, { "category": "product_version", "name": "libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "product": { "name": "libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "product_id": "libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libmagickcore-6-headers@6.8.9.9-7ubuntu5.17%2Btuxcare.els39?arch=all" } } }, { "category": "product_version", "name": "libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "product": { "name": "libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "product_id": "libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libmagick++-dev@6.8.9.9-7ubuntu5.17%2Btuxcare.els39?arch=all" } } }, { "category": "product_version", "name": "libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "product": { "name": "libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "product_id": "libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libmagickwand-dev@6.8.9.9-7ubuntu5.17%2Btuxcare.els39?arch=all" } } }, { "category": "product_version", "name": "libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "product": { "name": "libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "product_id": "libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libmagickcore-dev@6.8.9.9-7ubuntu5.17%2Btuxcare.els39?arch=all" } } }, { "category": "product_version", "name": "libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "product": { "name": "libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "product_id": "libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libmagickwand-6-headers@6.8.9.9-7ubuntu5.17%2Btuxcare.els39?arch=all" } } }, { "category": "product_version", "name": "libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "product": { "name": "libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "product_id": "libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libmagick++-6-headers@6.8.9.9-7ubuntu5.17%2Btuxcare.els39?arch=all" } } }, { "category": "product_version", "name": "imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "product": { "name": "imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "product_id": "imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/imagemagick-common@6.8.9.9-7ubuntu5.17%2Btuxcare.els39?arch=all" } } }, { "category": "product_version", "name": "perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "product": { "name": "perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "product_id": "perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/perlmagick@6.8.9.9-7ubuntu5.17%2Btuxcare.els39?arch=all" } } }, { "category": "product_version", "name": "libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "product": { "name": "libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "product_id": "libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libimage-magick-perl@6.8.9.9-7ubuntu5.17%2Btuxcare.els39?arch=all" } } } ], "category": "architecture", "name": "all" }, { "branches": [ { "category": "product_version", "name": "imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product": { "name": "imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product_id": "imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/imagemagick@6.8.9.9-7ubuntu5.17%2Btuxcare.els39?arch=amd64" } } }, { "category": "product_version", "name": "libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product": { "name": "libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product_id": "libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libmagickcore-6.q16-dev@6.8.9.9-7ubuntu5.17%2Btuxcare.els39?arch=amd64" } } }, { "category": "product_version", "name": "libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product": { "name": "libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product_id": "libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libmagick++-6.q16-5v5@6.8.9.9-7ubuntu5.17%2Btuxcare.els39?arch=amd64" } } }, { "category": "product_version", "name": "libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product": { "name": "libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product_id": "libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libimage-magick-q16-perl@6.8.9.9-7ubuntu5.17%2Btuxcare.els39?arch=amd64" } } }, { "category": "product_version", "name": "libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product": { "name": "libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product_id": "libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libmagickwand-6.q16-2@6.8.9.9-7ubuntu5.17%2Btuxcare.els39?arch=amd64" } } }, { "category": "product_version", "name": "imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product": { "name": "imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product_id": "imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/imagemagick-6.q16@6.8.9.9-7ubuntu5.17%2Btuxcare.els39?arch=amd64" } } }, { "category": "product_version", "name": "libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product": { "name": "libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product_id": "libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libmagickwand-6.q16-dev@6.8.9.9-7ubuntu5.17%2Btuxcare.els39?arch=amd64" } } }, { "category": "product_version", "name": "libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product": { "name": "libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product_id": "libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libmagickcore-6.q16-2-extra@6.8.9.9-7ubuntu5.17%2Btuxcare.els39?arch=amd64" } } }, { "category": "product_version", "name": "libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product": { "name": "libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product_id": "libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libmagick++-6.q16-dev@6.8.9.9-7ubuntu5.17%2Btuxcare.els39?arch=amd64" } } }, { "category": "product_version", "name": "libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product": { "name": "libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product_id": "libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libmagickcore-6-arch-config@6.8.9.9-7ubuntu5.17%2Btuxcare.els39?arch=amd64" } } }, { "category": "product_version", "name": "libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product": { "name": "libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product_id": "libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/libmagickcore-6.q16-2@6.8.9.9-7ubuntu5.17%2Btuxcare.els39?arch=amd64" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "CloudLinux" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" }, "product_reference": "imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64" }, "product_reference": "imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" }, "product_reference": "libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64" }, "product_reference": "libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64" }, "product_reference": "libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64" }, "product_reference": "libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64" }, "product_reference": "libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64" }, "product_reference": "imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" }, "product_reference": "libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64" }, "product_reference": "libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64" }, "product_reference": "libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" }, "product_reference": "libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64" }, "product_reference": "libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" }, "product_reference": "libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" }, "product_reference": "libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" }, "product_reference": "libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64" }, "product_reference": "libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" }, "product_reference": "imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" }, "product_reference": "perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64" }, "product_reference": "libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" }, "product_reference": "libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "relates_to_product_reference": "Ubuntu-16" } ] }, "vulnerabilities": [ { "cve": "CVE-2026-25968", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a stack buffer overflow occurs when processing the an attribute in msl.c. A long value overflows a fixed-size stack buffer, leading to memory corruption. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25968" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3mwp-xqp2-q6ph", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3mwp-xqp2-q6ph" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-20T12:39:06.087073Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1774010344", "product_ids": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1774010344" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2026-23952", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing tags before images are loaded. This can lead to DoS attack due to assertion failure (debug builds) or NULL pointer dereference (release builds). This issue is fixed in version 14.10.2.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-23952" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8" }, { "category": "external", "summary": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2", "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2" } ], "release_date": "2026-01-22T01:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-20T12:39:06.087073Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1774010344", "product_ids": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1774010344" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-25971", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs, leading to a stack overflow. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25971" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8mpr-6xr2-chhc", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8mpr-6xr2-chhc" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-20T12:39:06.087073Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1774010344", "product_ids": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1774010344" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2026-25797", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code ('Code Injection')" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, fails to sanitize the input before writing it into the PostScript header. An attacker can provide a malicous file and inject arbitrary PostScript code. When the resulting file is processed by a printer or a viewer (like Ghostscript), the injected code is interpreted and executed. The html encoder does not properly escape strings that are written to in the html document. An attacker can provide a malicious file and injection arbitrary html code. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25797" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rw6c-xp26-225v", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rw6c-xp26-225v" } ], "release_date": "2026-02-24T01:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-20T12:39:06.087073Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1774010344", "product_ids": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1774010344" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2026-25988", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, sometimes msl.c fails to update the stack index, so an image is stored in the wrong slot and never freed on error, causing leaks. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25988" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-782x-jh29-9mf7", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-782x-jh29-9mf7" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-20T12:39:06.087073Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1774010344", "product_ids": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1774010344" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-25983", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it, leading to a UAF in ReadBlobString during further parsing. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25983" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwqw-2x5x-w566", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwqw-2x5x-w566" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-20T12:39:06.087073Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1774010344", "product_ids": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1774010344" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2026-25965", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/* can be bypassed by a path traversal. The OS resolves the traversal and opens the sensitive file, but the policy matcher only sees the unnormalized path and therefore allows the read. This enables local file disclosure (LFI) even when policy-secure.xml is applied. Actions to prevent reading from files have been taken in versions .7.1.2-15 and 6.9.13-40 But it make sure writing is also not possible the following should be added to one's policy. This will also be included in ImageMagick's more secure policies by default.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25965" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8jvj-p28h-9gm7", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8jvj-p28h-9gm7" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-20T12:39:06.087073Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1774010344", "product_ids": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1774010344" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-25982", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap out-of-bounds read vulnerability exists in the `coders/dcm.c` module. When processing DICOM files with a specific configuration, the decoder loop incorrectly reads bytes per iteration. This causes the function to read past the end of the allocated buffer, potentially leading to a Denial of Service (crash) or Information Disclosure (leaking heap memory into the image). Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25982" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pmq6-8289-hx3v", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pmq6-8289-hx3v" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-20T12:39:06.087073Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1774010344", "product_ids": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1774010344" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" }, "products": [ "Ubuntu-16:imagemagick-6.q16-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:imagemagick-common-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:imagemagick-doc-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libimage-magick-q16-perl-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagick++-6.q16-5v5-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagick++-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6-arch-config-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickcore-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-2-extra-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickcore-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6-headers-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:libmagickwand-6.q16-2-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-6.q16-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.amd64", "Ubuntu-16:libmagickwand-dev-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all", "Ubuntu-16:perlmagick-8:6.8.9.9-7ubuntu5.17+tuxcare.els39.all" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] } ] }