[CLSA-2026:1781606042] ImageMagick: Fix of 9 CVEs
Type:
security
Severity:
Critical
Release date:
2026-06-16 10:34:30 UTC
Description:
- CVE-2026-45358: off-by-one out-of-bounds read in the meta (8BIM/IPTC) encoder - CVE-2026-46559: heap buffer over-write of a single byte in the JP2 encoder - CVE-2026-49218: missing dimension check in the DCM decoder (zero rows/columns) - CVE-2026-53461: heap buffer over-write in the ICON decoder due to an incorrect loop bound - CVE-2026-53463: NULL pointer dereference in the distort operation on missing arguments - CVE-2026-53460: missing maximum-memory-request check in AcquireAlignedMemory - CVE-2026-46692: heap buffer over-write in the distributed pixel cache server - CVE-2026-46693: file-descriptor hijacking race in the distributed pixel cache server - CVE-2026-47166: heap buffer over-read in the distributed pixel cache server
Updated packages:
  • ImageMagick-6.9.13.25-1.el8_5.tuxcare.els32.x86_64.rpm
    sha:d623c23de4e8da429ba23c970db1d1a9cceb203473fb9d735785ce6765d3716d
  • ImageMagick-c++-6.9.13.25-1.el8_5.tuxcare.els32.x86_64.rpm
    sha:17d5670ddfd6df841d69eb251e05e52d003b5e7518233e86b206501d0f61ca60
  • ImageMagick-c++-devel-6.9.13.25-1.el8_5.tuxcare.els32.x86_64.rpm
    sha:a479fa0a60970ef3f5656ae49745c003f0b027a4b8c9721a18afb516ef1475e9
  • ImageMagick-devel-6.9.13.25-1.el8_5.tuxcare.els32.x86_64.rpm
    sha:93db9f288769d1b7c8679bfc88108b78e4cb64ed091f62f775e7bfe8f38b21c6
  • ImageMagick-djvu-6.9.13.25-1.el8_5.tuxcare.els32.x86_64.rpm
    sha:dce06aabbc6b2ab410041283ab65156210d5d7187d25297457b2abd47f0d1ce5
  • ImageMagick-doc-6.9.13.25-1.el8_5.tuxcare.els32.x86_64.rpm
    sha:2f879a51a082ccc2f2f6665183335045ecb7bf23ec87f5f2cdea10c322b04e90
  • ImageMagick-libs-6.9.13.25-1.el8_5.tuxcare.els32.x86_64.rpm
    sha:c0b7c64d29d6650d794b0365d9ac45c7a2c857cb00a8c2dfab3a6e371b4997f2
  • ImageMagick-perl-6.9.13.25-1.el8_5.tuxcare.els32.x86_64.rpm
    sha:27ddf2c66591d9fef20411631f38148781a05dd187c29abc7850f959ddfb5f1c
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.