[CLSA-2026:1783345013] ImageMagick: Fix of 8 CVEs
Type:
security
Severity:
Important
Release date:
2026-07-06 13:37:19 UTC
Description:
- CVE-2026-46522: add the missing length==0 checks to the MIFF decoder BZ2/LZMA/zlib decompression paths to reject empty compressed chunks and prevent an infinite loop (CPU exhaustion) on crafted files - CVE-2026-46523: mark the MSL coder as not supporting direct blob I/O (entry->blob_support=MagickFalse in RegisterMSLImage) to prevent a heap-use-after-free triggered by a crafted MSL image
Updated packages:
  • ImageMagick-6.9.13.25-1.el9_2.tuxcare.els13.x86_64.rpm
    sha:c24c99b299db92b741fe9dd168c11c2ba10a0aae086f5ca5acff36dbb1db0a40
  • ImageMagick-c++-6.9.13.25-1.el9_2.tuxcare.els13.x86_64.rpm
    sha:691c8aac097552fafa1bba2bbb75e2fbe435c8d9ff9312347a993e583772023f
  • ImageMagick-c++-devel-6.9.13.25-1.el9_2.tuxcare.els13.x86_64.rpm
    sha:73dc8a1fed843a04394c3a42313914c4b3de7cced71ad6a3f995f42c28c06e82
  • ImageMagick-devel-6.9.13.25-1.el9_2.tuxcare.els13.x86_64.rpm
    sha:585400649065760170a7e079e566632b27a31e1277d28b6f9c91480bbbe982cc
  • ImageMagick-djvu-6.9.13.25-1.el9_2.tuxcare.els13.x86_64.rpm
    sha:f0cd98252d18400a7e55a24e0253dafdf90b903c48d3a931206d0547918fad0f
  • ImageMagick-doc-6.9.13.25-1.el9_2.tuxcare.els13.x86_64.rpm
    sha:ed7c7557941f50f8842f37c92185377d6112a7f18226c8313feb48604a1b5740
  • ImageMagick-libs-6.9.13.25-1.el9_2.tuxcare.els13.x86_64.rpm
    sha:c32df752bf56c3586c35a73e788aa9ceb4435f9f849a96f7b1b88278510e58e3
  • ImageMagick-perl-6.9.13.25-1.el9_2.tuxcare.els13.x86_64.rpm
    sha:6d4ccc1fbfe38d578ecf9648953d5d5b8b759462afecdbd7fcd800c37f019e13
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.