[CLSA-2026:1781605653] ImageMagick: Fix of 9 CVEs
Type:
security
Severity:
Critical
Release date:
2026-06-16 10:27:58 UTC
Description:
- CVE-2026-45358: off-by-one out-of-bounds read in the meta (8BIM/IPTC) encoder - CVE-2026-46559: heap buffer over-write of a single byte in the JP2 encoder - CVE-2026-49218: missing dimension check in the DCM decoder (zero rows/columns) - CVE-2026-53461: heap buffer over-write in the ICON decoder due to an incorrect loop bound - CVE-2026-53463: NULL pointer dereference in the distort operation on missing arguments - CVE-2026-53460: missing maximum-memory-request check in AcquireAlignedMemory - CVE-2026-46692: heap buffer over-write in the distributed pixel cache server - CVE-2026-46693: file-descriptor hijacking race in the distributed pixel cache server - CVE-2026-47166: heap buffer over-read in the distributed pixel cache server
Updated packages:
  • ImageMagick-6.9.13.25-1.el8_4.tuxcare.els32.x86_64.rpm
    sha:75e519faa65bc4dbea798890f102b8d9de9dd992877e4fb1e43510d98f48b46e
  • ImageMagick-c++-6.9.13.25-1.el8_4.tuxcare.els32.x86_64.rpm
    sha:e8acd324f26d59c3f4d46a5d8ea7cd5c52ae603d8e6d2fdae4d3461f68216d12
  • ImageMagick-c++-devel-6.9.13.25-1.el8_4.tuxcare.els32.x86_64.rpm
    sha:2828aa6b37a5031bba1ae6ae4e167f94bf0b8fc1081ecf6d0d58000f5c3a9869
  • ImageMagick-devel-6.9.13.25-1.el8_4.tuxcare.els32.x86_64.rpm
    sha:08ae43b5ba69740a96173484a422bb778e4a8d9695caec098d05124b21b76834
  • ImageMagick-djvu-6.9.13.25-1.el8_4.tuxcare.els32.x86_64.rpm
    sha:deb357371890a3105dbf581e8765c15b7bcfac6913567d86d2557ea34617ddf4
  • ImageMagick-doc-6.9.13.25-1.el8_4.tuxcare.els32.x86_64.rpm
    sha:d82a6d8d579c5cdb780e843d677cc99dc30c4c35b5066a94da8f6a5992df1fa1
  • ImageMagick-libs-6.9.13.25-1.el8_4.tuxcare.els32.x86_64.rpm
    sha:d23598f81ff1ee69754cf49249ddeebb37245961c5c75774a8aa9cd9b467f366
  • ImageMagick-perl-6.9.13.25-1.el8_4.tuxcare.els32.x86_64.rpm
    sha:a79b5046a8b36fc306f2ec5c2a573eca83d384a41a7282dcc712d1bba324884c
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.