{ "document": { "aggregate_severity": { "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "Bump release", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/cloudlinux7els/advisories/2026/clsa-2026_1776168783.json" } ], "tracking": { "current_release_date": "2026-04-23T18:53:16Z", "generator": { "date": "2026-04-23T18:53:16Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2026:1776168783", "initial_release_date": "2026-04-14T12:13:05Z", "revision_history": [ { "date": "2026-04-14T12:13:05Z", "number": "1", "summary": "Initial version" }, { "date": "2026-04-23T18:53:16Z", "number": "2", "summary": "Official Publication" } ], "status": "final", "version": "2" }, "title": "Update of ImageMagick" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "CloudLinux 7", "product": { "name": "CloudLinux 7", "product_id": "CloudLinux-7", "product_identification_helper": { "cpe": "cpe:2.3:o:cloudlinux:cloudlinux:7:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "CloudLinux" } ], "category": "vendor", "name": "Cloud Linux Software, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "product": { "name": "ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "product_id": "ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/ImageMagick-perl@6.9.10.68-7.0.3.el7_9.tuxcare.els10?arch=x86_64" } } }, { "category": "product_version", "name": "ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "product": { "name": "ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "product_id": "ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/ImageMagick@6.9.10.68-7.0.3.el7_9.tuxcare.els10?arch=x86_64" } } }, { "category": "product_version", "name": "ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "product": { "name": "ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "product_id": "ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/ImageMagick-c++@6.9.10.68-7.0.3.el7_9.tuxcare.els10?arch=x86_64" } } }, { "category": "product_version", "name": "ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "product": { "name": "ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "product_id": "ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/ImageMagick-c++-devel@6.9.10.68-7.0.3.el7_9.tuxcare.els10?arch=x86_64" } } }, { "category": "product_version", "name": "ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "product": { "name": "ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "product_id": "ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/ImageMagick-doc@6.9.10.68-7.0.3.el7_9.tuxcare.els10?arch=x86_64" } } }, { "category": "product_version", "name": "ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "product": { "name": "ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "product_id": "ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/ImageMagick-devel@6.9.10.68-7.0.3.el7_9.tuxcare.els10?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "product": { "name": "ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "product_id": "ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/ImageMagick@6.9.10.68-7.0.3.el7_9.tuxcare.els10?arch=i686" } } }, { "category": "product_version", "name": "ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "product": { "name": "ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "product_id": "ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/ImageMagick-c++@6.9.10.68-7.0.3.el7_9.tuxcare.els10?arch=i686" } } }, { "category": "product_version", "name": "ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "product": { "name": "ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "product_id": "ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/ImageMagick-c++-devel@6.9.10.68-7.0.3.el7_9.tuxcare.els10?arch=i686" } } }, { "category": "product_version", "name": "ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "product": { "name": "ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "product_id": "ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/ImageMagick-devel@6.9.10.68-7.0.3.el7_9.tuxcare.els10?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "CloudLinux" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64 as a component of CloudLinux 7", "product_id": "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" }, "product_reference": "ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686 as a component of CloudLinux 7", "product_id": "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686" }, "product_reference": "ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64 as a component of CloudLinux 7", "product_id": "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" }, "product_reference": "ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64 as a component of CloudLinux 7", "product_id": "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" }, "product_reference": "ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686 as a component of CloudLinux 7", "product_id": "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686" }, "product_reference": "ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686 as a component of CloudLinux 7", "product_id": "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686" }, "product_reference": "ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64 as a component of CloudLinux 7", "product_id": "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" }, "product_reference": "ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64 as a component of CloudLinux 7", "product_id": "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" }, "product_reference": "ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686 as a component of CloudLinux 7", "product_id": "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686" }, "product_reference": "ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64 as a component of CloudLinux 7", "product_id": "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" }, "product_reference": "ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "relates_to_product_reference": "CloudLinux-7" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-57807", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset ≫ extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2⁶⁴ arithmetic wrap, external delegates, or policy settings are required. This is fixed in version 14.8.2.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-57807" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/commit/077a417a19a5ea8c85559b602754a5b928eef23e", "url": "https://github.com/ImageMagick/ImageMagick/commit/077a417a19a5ea8c85559b602754a5b928eef23e" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-23hg-53q6-hqfg", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-23hg-53q6-hqfg" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html", "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html" } ], "release_date": "2025-09-05T22:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2026-25970", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when processing a maliciously crafted SIXEL image file. The vulnerability occurs during buffer reallocation operations where pointer arithmetic using signed 32-bit integers overflows. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25970" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xg29-8ghv-v4xr", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xg29-8ghv-v4xr" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-25986", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer overflow write vulnerability exists in ReadYUVImage() (coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. The pixel-pair loop writes one pixel beyond the allocated row buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25986" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mqfc-82jx-3mr2", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mqfc-82jx-3mr2" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2026-30883", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an extremely large image profile could result in a heap overflow when encoding a PNG image. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-30883" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qmw5-2p58-xvrc", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qmw5-2p58-xvrc" } ], "release_date": "2026-03-10T07:44:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-25968", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a stack buffer overflow occurs when processing the an attribute in msl.c. A long value overflows a fixed-size stack buffer, leading to memory corruption. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25968" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3mwp-xqp2-q6ph", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3mwp-xqp2-q6ph" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2025-62171", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "description", "text": "ImageMagick is an open source software suite for displaying, converting, and editing raster image files. In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32, an integer overflow vulnerability exists in the BMP decoder on 32-bit systems. The vulnerability occurs in coders/bmp.c when calculating the extent value by multiplying image columns by bits per pixel. On 32-bit systems with size_t of 4 bytes, a malicious BMP file with specific dimensions can cause this multiplication to overflow and wrap to zero. The overflow check added to address CVE-2025-57803 is placed after the overflow occurs, making it ineffective. A specially crafted 58-byte BMP file with width set to 536,870,912 and 32 bits per pixel can trigger this overflow, causing the bytes_per_line calculation to become zero. This vulnerability only affects 32-bit builds of ImageMagick where default resource limits for width, height, and area have been manually increased beyond their defaults. 64-bit systems with size_t of 8 bytes are not vulnerable, and systems using default ImageMagick resource limits are not vulnerable. The vulnerability is fixed in versions 7.1.2-7 and 6.9.13-32.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-62171" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/commit/cea1693e2ded51b4cc91c70c54096cbed1691c00", "url": "https://github.com/ImageMagick/ImageMagick/commit/cea1693e2ded51b4cc91c70c54096cbed1691c00" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9pp9-cfwx-54rm", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9pp9-cfwx-54rm" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00019.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00019.html" } ], "release_date": "2025-10-17T17:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-25795", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()` (`coders/sfw.c`), when temporary file creation fails, `read_info` is destroyed before its `filename` member is accessed, causing a NULL pointer dereference and crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25795" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p33r-fqw2-rqmm", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p33r-fqw2-rqmm" } ], "release_date": "2026-02-24T01:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-55212", "cwe": { "id": "CWE-369", "name": "Divide By Zero" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string containing only a colon (\":\") to montage -geometry leads GetGeometry() to set width/height to 0. Later, ThumbnailImage() divides by these zero dimensions, triggering a crash (SIGFPE/abort), resulting in a denial of service. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-55212" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/blob/0ba1b587be17543b664f7ad538e9e51e0da59d17/MagickCore/geometry.c#L355", "url": "https://github.com/ImageMagick/ImageMagick/blob/0ba1b587be17543b664f7ad538e9e51e0da59d17/MagickCore/geometry.c#L355" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/blob/0ba1b587be17543b664f7ad538e9e51e0da59d17/MagickCore/resize.c#L4625-L4629", "url": "https://github.com/ImageMagick/ImageMagick/blob/0ba1b587be17543b664f7ad538e9e51e0da59d17/MagickCore/resize.c#L4625-L4629" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/commit/5f0bcf986b8b5e90567750d31a37af502b73f2af", "url": "https://github.com/ImageMagick/ImageMagick/commit/5f0bcf986b8b5e90567750d31a37af502b73f2af" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fh55-q5pj-pxgw", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fh55-q5pj-pxgw" }, { "category": "external", "summary": "https://github.com/dlemstra/Magick.NET/releases/tag/14.8.1", "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.8.1" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html", "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html" } ], "release_date": "2025-08-26T17:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-23952", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing tags before images are loaded. This can lead to DoS attack due to assertion failure (debug builds) or NULL pointer dereference (release builds). This issue is fixed in version 14.10.2.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-23952" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8" }, { "category": "external", "summary": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2", "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.2" } ], "release_date": "2026-01-22T01:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-25897", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an Integer Overflow vulnerability exists in the sun decoder. On 32-bit systems/builds, a carefully crafted image can lead to an out of bounds heap write. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25897" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6j5f-24fw-pqp4", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6j5f-24fw-pqp4" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2025-57803", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2 for ImageMagick's 32-bit build, a 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses bytes_per_line (stride) to a tiny value while the per-row writer still emits 3 × width bytes for 24-bpp images. The row base pointer advances using the (overflowed) stride, so the first row immediately writes past its slot and into adjacent heap memory with attacker-controlled bytes. This is a classic, powerful primitive for heap corruption in common auto-convert pipelines. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-57803" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/commit/2c55221f4d38193adcb51056c14cf238fbcc35d7", "url": "https://github.com/ImageMagick/ImageMagick/commit/2c55221f4d38193adcb51056c14cf238fbcc35d7" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mxvv-97wh-cfmm", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mxvv-97wh-cfmm" }, { "category": "external", "summary": "https://github.com/dlemstra/Magick.NET/releases/tag/14.8.1", "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.8.1" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html", "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html" } ], "release_date": "2025-08-26T18:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-25987", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory disclosure during image decoding. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25987" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-42p5-62qq-mmh7", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-42p5-62qq-mmh7" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2026-25971", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs, leading to a stack overflow. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25971" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8mpr-6xr2-chhc", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8mpr-6xr2-chhc" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2026-24481", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap information disclosure vulnerability exists in ImageMagick's PSD (Adobe Photoshop) format handler. When processing a maliciously crafted PSD file containing ZIP-compressed layer data that decompresses to less than the expected size, uninitialized heap memory is leaked into the output image. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-24481" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-96pc-27rx-pr36", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-96pc-27rx-pr36" } ], "release_date": "2026-02-24T01:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2025-53101", "cwe": { "id": "CWE-124", "name": "Buffer Underwrite ('Buffer Underflow')" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()`. Versions 7.1.2-0 and 6.9.13-26 fix the issue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-53101" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774", "url": "https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html", "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html" } ], "release_date": "2025-07-14T20:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2026-25799", "cwe": { "id": "CWE-369", "name": "Divide By Zero" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image loading, resulting in a reliable denial-of-service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25799" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-543g-8grm-9cw6", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-543g-8grm-9cw6" } ], "release_date": "2026-02-24T01:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-25985", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file containing an malicious element causes ImageMagick to attempt to allocate ~674 GB of memory, leading to an out-of-memory abort. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25985" } ], "release_date": "2026-02-24T01:43:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-25796", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` Image object is not freed on three early-return paths, resulting in a definite memory leak (~13.5KB+ per invocation) that can be exploited for denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25796" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g2pr-qxjg-7r2w", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g2pr-qxjg-7r2w" } ], "release_date": "2026-02-24T01:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-26284", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huffman-coded data from PCD (Photo CD) files. The decoder contains an function that has an incorrect initialization that could cause an out of bounds read. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-26284" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wrhr-rf8j-r842", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wrhr-rf8j-r842" } ], "release_date": "2026-02-24T03:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2026-27798", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing an image with small dimension using the `-wavelet-denoise` operator. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-27798" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/commit/0377e60b3c0d766bd7271221c95d9ee54f6a3738", "url": "https://github.com/ImageMagick/ImageMagick/commit/0377e60b3c0d766bd7271221c95d9ee54f6a3738" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qpgx-jfcq-r59f", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qpgx-jfcq-r59f" }, { "category": "external", "summary": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3", "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3" } ], "release_date": "2026-02-26T00:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-53014", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs (`%%`). Versions 7.1.2-0 and 6.9.13-26 fix the issue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-53014" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hm4x-r5hc-794f", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hm4x-r5hc-794f" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html", "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html" } ], "release_date": "2025-07-14T18:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2026-26283", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition ('Infinite Loop')" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a `continue` statement in the JPEG extent binary search loop in the jpeg encoder causes an infinite loop when writing persistently fails. An attacker can trigger a 100% CPU consumption and process hang (Denial of Service) with a crafted image. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-26283" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gwr3-x37h-h84v", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gwr3-x37h-h84v" } ], "release_date": "2026-02-24T03:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-69204", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, in the WriteSVGImage function, using an int variable to store number_attributes caused an integer overflow. This, in turn, triggered a buffer overflow and caused a DoS attack. Version 7.1.2-12 fixes the issue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-69204" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/commit/2c08c2311693759153c9aa99a6b2dcb5f985681e", "url": "https://github.com/ImageMagick/ImageMagick/commit/2c08c2311693759153c9aa99a6b2dcb5f985681e" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hrh7-j8q2-4qcw", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hrh7-j8q2-4qcw" } ], "release_date": "2025-12-30T17:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-55298", "cwe": { "id": "CWE-123", "name": "Write-what-where Condition" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code execution. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-55298" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/commit/439b362b93c074eea6c3f834d84982b43ef057d5", "url": "https://github.com/ImageMagick/ImageMagick/commit/439b362b93c074eea6c3f834d84982b43ef057d5" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9ccg-6pjw-x645", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9ccg-6pjw-x645" }, { "category": "external", "summary": "https://github.com/dlemstra/Magick.NET/releases/tag/14.8.1", "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.8.1" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html", "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html" } ], "release_date": "2025-08-26T18:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-25988", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, sometimes msl.c fails to update the stack index, so an image is stored in the wrong slot and never freed on error, causing leaks. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25988" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-782x-jh29-9mf7", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-782x-jh29-9mf7" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-23876", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder (ReadXBMImage) allows an attacker to write controlled data past the allocated heap buffer when processing a maliciously crafted image file. Any operation that reads or identifies an image can trigger the overflow, making it exploitable via common image upload and processing pipelines. Versions 7.1.2-13 and 6.9.13-38 fix the issue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-23876" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/commit/2fae24192b78fdfdd27d766fd21d90aeac6ea8b8", "url": "https://github.com/ImageMagick/ImageMagick/commit/2fae24192b78fdfdd27d766fd21d90aeac6ea8b8" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r49w-jqq3-3gx8", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r49w-jqq3-3gx8" } ], "release_date": "2026-01-20T01:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2026-25983", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it, leading to a UAF in ReadBlobString during further parsing. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25983" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwqw-2x5x-w566", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwqw-2x5x-w566" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2026-25965", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/* can be bypassed by a path traversal. The OS resolves the traversal and opens the sensitive file, but the policy matcher only sees the unnormalized path and therefore allows the read. This enables local file disclosure (LFI) even when policy-secure.xml is applied. Actions to prevent reading from files have been taken in versions .7.1.2-15 and 6.9.13-40 But it make sure writing is also not possible the following should be added to one's policy. This will also be included in ImageMagick's more secure policies by default.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25965" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8jvj-p28h-9gm7", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8jvj-p28h-9gm7" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-55154", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are unsafe and can overflow, leading to memory corruption. This issue has been patched in versions 6.9.13-27 and 7.1.2-1.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-55154" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp29-wxp5-wh82", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp29-wxp5-wh82" }, { "category": "external", "summary": "https://goo.gle/bigsleep", "url": "https://goo.gle/bigsleep" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html", "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html" } ], "release_date": "2025-08-13T14:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-25798", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted image file, resulting in denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25798" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p863-5fgm-rgq4", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p863-5fgm-rgq4" } ], "release_date": "2026-02-24T01:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-25898", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by `GetPixelIndex()` before using it as an array subscript. In HDRI builds, `Quantum` is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger a global buffer overflow read during conversion, leading to information disclosure or a process crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25898" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vpxv-r9pg-7gpr", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vpxv-r9pg-7gpr" } ], "release_date": "2026-02-24T02:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2025-68618", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7.1.2-12 fixes the issue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-68618" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/commit/6f431d445f3ddd609c004a1dde617b0a73e60beb", "url": "https://github.com/ImageMagick/ImageMagick/commit/6f431d445f3ddd609c004a1dde617b0a73e60beb" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p27m-hp98-6637", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p27m-hp98-6637" } ], "release_date": "2025-12-30T17:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-26066", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile contain invalid IPTC data may cause an infinite loop when writing it with `IPTCTEXT`. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-26066" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v994-63cg-9wj3", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v994-63cg-9wj3" } ], "release_date": "2026-02-24T03:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-53019", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename template causes a memory leak. Versions 7.1.2-0 and 6.9.13-26 fix the issue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-53019" }, { "category": "external", "summary": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cfh4-9f7v-fhrc", "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cfh4-9f7v-fhrc" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html", "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html" } ], "release_date": "2025-07-14T20:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-14T12:13:05.717886Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783", "product_ids": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776168783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-c++-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.i686", "CloudLinux-7:ImageMagick-devel-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-doc-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64", "CloudLinux-7:ImageMagick-perl-0:6.9.10.68-7.0.3.el7_9.tuxcare.els10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] } ] }