[CLSA-2026:1783941783] ImageMagick: Fix of 5 CVEs
Type:
security
Severity:
Critical
Release date:
2026-07-13 11:23:24 UTC
Description:
- CVE-2026-56361: out-of-bounds access in AcquireKernelBuiltIn() (magick/morphology.c) from an off-by-one in the user-kernel origin bounds check, which accepted xi/psi equal to the kernel width or height - CVE-2026-56367: integer overflow of image->rows * psd_info->channels in the PSD RLE reader (coders/psd.c ReadPSDMergedImage) leading to an undersized allocation and heap out-of-bounds access on the 32-bit (i686) build - CVE-2026-56368: memory leak of the acquired QuantumInfo in the raw-pixel writers (coders/bgr.c, cmyk.c, gray.c, rgb.c, ycbcr.c) when OpenBlob() fails and Write*Image returns early - CVE-2026-56370: out-of-bounds write in ConnectedComponentsImage() (magick/vision.c) where a user connected-components:keep/remove id indexes the object array without a range check - CVE-2026-56378: out-of-bounds write in the PCD Huffman decoder DecodeImage() (coders/pcd.c) where crafted input advances the output pointer past the end of the luma buffer
Updated packages:
  • ImageMagick-6.9.10.97-1.amzn2.0.30.tuxcare.els3.i686.rpm
    sha:568654e12a260c1b2dc4a5ceb6851482a82b50843d7b87ca06af5ce5815e1b8d
  • ImageMagick-6.9.10.97-1.amzn2.0.30.tuxcare.els3.x86_64.rpm
    sha:8142c1fc9d9bcd19db040d6b8016035f9c29ef46c8d37c5b12e5cfd9431e6469
  • ImageMagick-c++-6.9.10.97-1.amzn2.0.30.tuxcare.els3.i686.rpm
    sha:db0d39b1f485ad5653f118c629d8b193abb647ec4efa140e20b37e693ec7a28b
  • ImageMagick-c++-6.9.10.97-1.amzn2.0.30.tuxcare.els3.x86_64.rpm
    sha:1944a5bdbaf47f5e0b1283e7626181212f71f37dd48b2ed1ea6e94cc20bbc664
  • ImageMagick-c++-devel-6.9.10.97-1.amzn2.0.30.tuxcare.els3.x86_64.rpm
    sha:212da28988a0d7403271196f66bebfc7da570810af16755127f7e24d973e4246
  • ImageMagick-devel-6.9.10.97-1.amzn2.0.30.tuxcare.els3.x86_64.rpm
    sha:3af4c94b6d94544558f2c7a03cf0afd0da057a2d6c655e747ac317fcb415aa04
  • ImageMagick-doc-6.9.10.97-1.amzn2.0.30.tuxcare.els3.x86_64.rpm
    sha:f37828f40ac1efa363dc608e8898d02fa4c83e492a7a04796f41b9c32f142e52
  • ImageMagick-perl-6.9.10.97-1.amzn2.0.30.tuxcare.els3.x86_64.rpm
    sha:559da5e90023f178d70e95ab3cc5a950039b205fdcfed116c77b328b83e62e51
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.