[CLSA-2026:1783349363] ImageMagick: Fix of 2 CVEs
Type:
security
Severity:
Important
Release date:
2026-07-08 15:51:26 UTC
Description:
- CVE-2026-46522: add the missing length==0 checks to the MIFF decoder BZ2/LZMA/zlib decompression paths to reject empty compressed chunks and prevent an infinite loop (CPU exhaustion) on crafted files - CVE-2026-46523: mark the MSL coder as not supporting direct blob I/O (entry->blob_support=MagickFalse in RegisterMSLImage) to prevent a heap-use-after-free triggered by a crafted MSL image
Updated packages:
  • ImageMagick-6.9.13.25-1.el9_6.tuxcare.els13.x86_64.rpm
    sha:9208c31774b88fdb73c904d36c0c128d90e4c1d8ca58bc6be7889ddf559c99c8
  • ImageMagick-c++-6.9.13.25-1.el9_6.tuxcare.els13.x86_64.rpm
    sha:857bf39073c9e275f6e2f04b8162ee50212fec8846ef294ccf62356eed0afe57
  • ImageMagick-c++-devel-6.9.13.25-1.el9_6.tuxcare.els13.x86_64.rpm
    sha:d75caed386e1aa5b0e7ee2675ae3dbc17a3dd9ef830d3f6c44381b2451a7524d
  • ImageMagick-devel-6.9.13.25-1.el9_6.tuxcare.els13.x86_64.rpm
    sha:1d2f0012a93dac191a2080a616269b4edcb5e6b92d00e90c90c384190691d3d3
  • ImageMagick-djvu-6.9.13.25-1.el9_6.tuxcare.els13.x86_64.rpm
    sha:37f8e54d894ac2007e9f108979ddc9ba4d112af1766b2e37a186e0d66ef51c04
  • ImageMagick-doc-6.9.13.25-1.el9_6.tuxcare.els13.x86_64.rpm
    sha:73cfb0114d3afc7270eae29d1f8b245a0cb3186ac746e3e412ca40a0430476e6
  • ImageMagick-libs-6.9.13.25-1.el9_6.tuxcare.els13.x86_64.rpm
    sha:13da07cdc83eae0b933ec56efe2c56954cc3784ea490834a57dd8112fee010a6
  • ImageMagick-perl-6.9.13.25-1.el9_6.tuxcare.els13.x86_64.rpm
    sha:e8096a307d5c3fde61783c5b98d7914a53d631cb92300b662ccd1acd4a152d09
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.