{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"ImageMagick security update", "category":"general", "title":"Synopsis" }, { "text":"An update for ImageMagick is now available for openEuler-24.03-LTS", "category":"general", "title":"Summary" }, { "text":"Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.\n\nSecurity Fix(es):\n\nImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap information disclosure vulnerability exists in ImageMagick's PSD (Adobe Photoshop) format handler. When processing a maliciously crafted PSD file containing ZIP-compressed layer data that decompresses to less than the expected size, uninitialized heap memory is leaked into the output image. Versions 7.1.2-15 and 6.9.13-40 contain a patch.(CVE-2026-24481)\n\nImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS. Versions 7.1.2-15 and 6.9.13-40 contain a patch.(CVE-2026-24484)\n\nImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the Sync marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.(CVE-2026-24485)\n\nImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in multiple raw image format handles. The vulnerability occurs when processing images with -extract dimensions larger than -size dimensions, causing out-of-bounds memory reads from a heap-allocated buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch.(CVE-2026-25576)\n\nImageMagick is a widely used open-source software suite for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak exists in the ASHLAR image writer. An attacker can exploit this vulnerability by providing a specially crafted image file, which causes small memory objects to be allocated but never freed. Continuous processing of such malicious images will gradually exhaust the process memory, ultimately leading to a Denial of Service (DoS) condition. This vulnerability is classified under CWE-401 (Improper Release of Memory Before Removing Last Reference).(CVE-2026-25637)\n\nImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a memory leak vulnerability exists in `coders/msl.c`. The vulnerability stems from the `WriteMSLImage` function returning early without releasing allocated resources. A remote attacker could exploit this vulnerability by providing a specially crafted image file, leading to memory exhaustion and ultimately resulting in a Denial of Service (DoS) condition, rendering the system or application unavailable. This vulnerability is classified as CWE-401 (Memory Leak).(CVE-2026-25638)\n\nImageMagick is free and open-source software used for editing and manipulating digital images. The `WriteUHDRImage` function in `coders/uhdr.c` uses `int` arithmetic to compute the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are large, the multiplication overflows the 32-bit `int`, causing an undersized heap allocation followed by an out-of-bounds write. This can crash the process or potentially lead to an out-of-bounds heap write, which could be exploited to cause a denial of service or, in some cases, arbitrary code execution.(CVE-2026-25794)\n\nImageMagick is a widely used free and open-source software for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference vulnerability exists in the `ReadSFWImage()` function located in `coders/sfw.c`. When temporary file creation fails, the `read_info` structure is destroyed before its `filename` member is accessed, causing the program to dereference a NULL pointer and crash. An attacker could exploit this issue to cause a Denial of Service (DoS).(CVE-2026-25795)\n\nImageMagick is a free and open-source software for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a memory leak vulnerability exists in the `ReadSTEGANOImage()` function within `coders/stegano.c`. On three error/early-return paths, the function fails to properly free the `watermark` Image object, resulting in a definite memory leak (approximately 13.5KB+ per invocation). An attacker can exploit this flaw by repeatedly triggering the leak, consuming excessive system memory and leading to a Denial of Service (DoS).(CVE-2026-25796)\n\nImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, fails to sanitize the input before writing it into the PostScript header. An attacker can provide a malicious file and inject arbitrary PostScript code. When the resulting file is processed by a printer or a viewer (like Ghostscript), the injected code is interpreted and executed, potentially leading to arbitrary code execution. Additionally, the html encoder does not properly escape strings that are written to in the html document. An attacker can provide a malicious file and inject arbitrary html code.(CVE-2026-25797)\n\nImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted image file, resulting in denial of service.(CVE-2026-25798)\n\nImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image loading, resulting in a reliable denial-of-service. An attacker can exploit this vulnerability by tricking a user into processing a specially crafted image file, causing the ImageMagick process to crash.(CVE-2026-25799)\n\nImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by `GetPixelIndex()` before using it as an array subscript. In HDRI builds, `Quantum` is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger a global buffer overflow read during conversion, leading to information disclosure or a process crash.(CVE-2026-25898)\n\nImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick's path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as `/etc/*` can be bypassed by a path traversal (e.g., using `../`). The OS resolves the traversal and opens the sensitive file, but the policy matcher only sees the unnormalized path and therefore allows the read. This enables local file disclosure (LFI) even when `policy-secure.xml` is applied.(CVE-2026-25965)\n\nImageMagick is free and open-source software used for editing and manipulating digital images. The shipped \"secure\" security policy includes a rule intended to prevent reading/writing from standard streams (stdin/stdout). However, ImageMagick also supports `fd:` pseudo-filenames (e.g., `fd:0`, `fd:1`). Prior to versions 7.1.2-15 and 6.9.13-40, this path form is not blocked by the secure policy templates, and therefore bypasses the protection goal of \"no stdin/stdout.\" An attacker can exploit this flaw by using `fd:` pseudo-filenames to circumvent the intended security restrictions, potentially leading to unauthorized access to standard input/output and subsequent information disclosure or data manipulation.(CVE-2026-25966)\n\nImageMagick is a free and open-source software suite for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow vulnerability exists in the FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to an application crash and resulting in a Denial of Service (DoS). The CWE identifier for this vulnerability is CWE-121 (Stack-based Buffer Overflow).(CVE-2026-25967)\n\nImageMagick is free and open-source software for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a stack buffer overflow vulnerability exists when processing an attribute in msl.c. A long attribute value overflows a fixed-size stack buffer, leading to memory corruption. A remote attacker could exploit this by providing a specially crafted image file with a long attribute value, potentially resulting in denial of service or arbitrary code execution.(CVE-2026-25968)\n\nImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak exists in `coders/ashlar.c`. The `WriteASHLARImage` function allocates a structure. However, when an exception is thrown, the allocated memory is not properly released, resulting in a potential memory leak. A remote attacker could exploit this by providing a specially crafted image, leading to resource exhaustion and a denial of service (DoS), making the system or application unavailable to legitimate users.(CVE-2026-25969)\n\nImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when processing a maliciously crafted SIXEL image file. The vulnerability occurs during buffer reallocation operations where pointer arithmetic using signed 32-bit integers overflows. Versions 7.1.2-15 and 6.9.13-40 contain a patch.(CVE-2026-25970)\n\nImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs, leading to a stack overflow. Versions 7.1.2-15 and 6.9.13-40 contain a patch.(CVE-2026-25971)\n\nImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap out-of-bounds read vulnerability exists in the `coders/dcm.c` module. When processing DICOM files with a specific configuration, the decoder loop incorrectly reads bytes per iteration. This causes the function to read past the end of the allocated buffer, potentially leading to a Denial of Service (crash) or Information Disclosure (leaking heap memory into the image). Versions 7.1.2-15 and 6.9.13-40 contain a patch.(CVE-2026-25982)\n\nImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it, leading to a UAF in ReadBlobString during further parsing. Versions 7.1.2-15 and 6.9.13-40 contain a patch.(CVE-2026-25983)\n\nA security vulnerability exists in ImageMagick's internal SVG decoder where memory allocation lacks proper limits. Attackers can exploit this vulnerability through specially crafted SVG files to cause memory exhaustion or denial of service.(CVE-2026-25985)\n\nImageMagick is a free and open-source software suite for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer overflow write vulnerability exists in the ReadYUVImage() function (located in coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. The pixel-pair loop writes one pixel beyond the allocated row buffer, resulting in an out-of-bounds write. This vulnerability can be exploited by a remote attacker by providing a specially crafted image file, potentially leading to a denial of service (DoS) and impacting the confidentiality, integrity, and availability of the system.(CVE-2026-25986)\n\nImageMagick is a widely used open-source image processing software. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in its MAP image decoder when processing crafted MAP files. A remote attacker could exploit this by providing a specially crafted MAP file, potentially leading to application crashes (denial of service) or unintended disclosure of sensitive information from process memory during image decoding.(CVE-2026-25987)\n\nImageMagick is a widely used open-source image processing software. A flaw exists in the MSL (Magick Scripting Language) parsing component (msl.c) in versions prior to 7.1.2-15 and 6.9.13-40. When processing certain images, this component fails to correctly update the internal stack index, causing image data to be stored in an incorrect stack slot. When an error occurs during processing, the memory allocated to this incorrect slot is not properly freed, resulting in a memory leak. An attacker could exploit this vulnerability by providing a specially crafted image file, leading to continuous memory consumption and potentially causing a Denial of Service (DoS) condition.(CVE-2026-25988)\n\nImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an integer overflow or wraparound and incorrect conversion between numeric types vulnerability exists in its internal SVG decoder. Specifically, an off-by-one boundary check (using `>` instead of `>=`) allows bypassing the guard and reaching an undefined `(size_t)` cast. A remote attacker could exploit this vulnerability by providing a specially crafted SVG file, leading to a denial of service (DoS) condition, making the software unavailable to legitimate users.(CVE-2026-25989)\n\nImageMagick contains an infinite loop vulnerability when writing IPTCTEXT data from crafted profiles, which can be exploited by attackers to cause denial of service.(CVE-2026-26066)\n\nA possible infinite loop vulnerability exists in the JPEG encoder of ImageMagick when using the `jpeg:extent` parameter, which could lead to denial of service.(CVE-2026-26283)\n\nImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huffman-coded data from PCD (Photo CD) files. The decoder contains a function that has an incorrect initialization that could cause an out-of-bounds read. This vulnerability could allow a remote attacker to cause information disclosure or a denial of service.(CVE-2026-26284)\n\nImageMagick contains a use-after-free vulnerability when processing invalid MSL tags. An attacker can cause program crashes or potentially execute arbitrary code by crafting malicious image files.(CVE-2026-26983)", "category":"general", "title":"Description" }, { "text":"An update for ImageMagick is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"ImageMagick", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2026-1455", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1455" }, { "summary":"CVE-2026-24481", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-24481&packageName=ImageMagick" }, { "summary":"CVE-2026-24484", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-24484&packageName=ImageMagick" }, { "summary":"CVE-2026-24485", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-24485&packageName=ImageMagick" }, { "summary":"CVE-2026-25576", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-25576&packageName=ImageMagick" }, { "summary":"CVE-2026-25637", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-25637&packageName=ImageMagick" }, { "summary":"CVE-2026-25638", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-25638&packageName=ImageMagick" }, { "summary":"CVE-2026-25794", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-25794&packageName=ImageMagick" }, { "summary":"CVE-2026-25795", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-25795&packageName=ImageMagick" }, { "summary":"CVE-2026-25796", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-25796&packageName=ImageMagick" }, { "summary":"CVE-2026-25797", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-25797&packageName=ImageMagick" }, { "summary":"CVE-2026-25798", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-25798&packageName=ImageMagick" }, { "summary":"CVE-2026-25799", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-25799&packageName=ImageMagick" }, { "summary":"CVE-2026-25898", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-25898&packageName=ImageMagick" }, { "summary":"CVE-2026-25965", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-25965&packageName=ImageMagick" }, { "summary":"CVE-2026-25966", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-25966&packageName=ImageMagick" }, { "summary":"CVE-2026-25967", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-25967&packageName=ImageMagick" }, { "summary":"CVE-2026-25968", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-25968&packageName=ImageMagick" }, { "summary":"CVE-2026-25969", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-25969&packageName=ImageMagick" }, { "summary":"CVE-2026-25970", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-25970&packageName=ImageMagick" }, { "summary":"CVE-2026-25971", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-25971&packageName=ImageMagick" }, { "summary":"CVE-2026-25982", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-25982&packageName=ImageMagick" }, { "summary":"CVE-2026-25983", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-25983&packageName=ImageMagick" }, { "summary":"CVE-2026-25985", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-25985&packageName=ImageMagick" }, { "summary":"CVE-2026-25986", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-25986&packageName=ImageMagick" }, { "summary":"CVE-2026-25987", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-25987&packageName=ImageMagick" }, { "summary":"CVE-2026-25988", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-25988&packageName=ImageMagick" }, { "summary":"CVE-2026-25989", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-25989&packageName=ImageMagick" }, { "summary":"CVE-2026-26066", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-26066&packageName=ImageMagick" }, { "summary":"CVE-2026-26283", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-26283&packageName=ImageMagick" }, { "summary":"CVE-2026-26284", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-26284&packageName=ImageMagick" }, { "summary":"CVE-2026-26983", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-26983&packageName=ImageMagick" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24481" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24484" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24485" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25576" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25637" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25638" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25794" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25795" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25796" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25797" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25798" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25799" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25898" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25965" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25966" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25967" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25968" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25969" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25970" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25971" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25982" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25983" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25985" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25986" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25987" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25988" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25989" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26066" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26283" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26284" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26983" }, { "summary":"openEuler-SA-2026-1455 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-1455.json" } ], "title":"An update for ImageMagick is now available for openEuler-24.03-LTS", "tracking":{ "initial_release_date":"2026-03-02T14:19:29+08:00", "revision_history":[ { "date":"2026-03-02T14:19:29+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-03-02T14:19:29+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-03-02T14:19:29+08:00", "id":"openEuler-SA-2026-1455", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"openEuler-24.03-LTS", "name":"openEuler-24.03-LTS" }, "name":"openEuler-24.03-LTS", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ImageMagick-7.1.2.15-1.oe2403.aarch64.rpm", "name":"ImageMagick-7.1.2.15-1.oe2403.aarch64.rpm" }, "name":"ImageMagick-7.1.2.15-1.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ImageMagick-c++-7.1.2.15-1.oe2403.aarch64.rpm", "name":"ImageMagick-c++-7.1.2.15-1.oe2403.aarch64.rpm" }, "name":"ImageMagick-c++-7.1.2.15-1.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64.rpm", "name":"ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64.rpm" }, "name":"ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64.rpm", "name":"ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64.rpm" }, "name":"ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64.rpm", "name":"ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64.rpm" }, "name":"ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ImageMagick-devel-7.1.2.15-1.oe2403.aarch64.rpm", "name":"ImageMagick-devel-7.1.2.15-1.oe2403.aarch64.rpm" }, "name":"ImageMagick-devel-7.1.2.15-1.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ImageMagick-perl-7.1.2.15-1.oe2403.aarch64.rpm", "name":"ImageMagick-perl-7.1.2.15-1.oe2403.aarch64.rpm" }, "name":"ImageMagick-perl-7.1.2.15-1.oe2403.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ImageMagick-7.1.2.15-1.oe2403.src.rpm", "name":"ImageMagick-7.1.2.15-1.oe2403.src.rpm" }, "name":"ImageMagick-7.1.2.15-1.oe2403.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ImageMagick-7.1.2.15-1.oe2403.x86_64.rpm", "name":"ImageMagick-7.1.2.15-1.oe2403.x86_64.rpm" }, "name":"ImageMagick-7.1.2.15-1.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ImageMagick-c++-7.1.2.15-1.oe2403.x86_64.rpm", "name":"ImageMagick-c++-7.1.2.15-1.oe2403.x86_64.rpm" }, "name":"ImageMagick-c++-7.1.2.15-1.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64.rpm", "name":"ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64.rpm" }, "name":"ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64.rpm", "name":"ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64.rpm" }, "name":"ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64.rpm", "name":"ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64.rpm" }, "name":"ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ImageMagick-devel-7.1.2.15-1.oe2403.x86_64.rpm", "name":"ImageMagick-devel-7.1.2.15-1.oe2403.x86_64.rpm" }, "name":"ImageMagick-devel-7.1.2.15-1.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ImageMagick-perl-7.1.2.15-1.oe2403.x86_64.rpm", "name":"ImageMagick-perl-7.1.2.15-1.oe2403.x86_64.rpm" }, "name":"ImageMagick-perl-7.1.2.15-1.oe2403.x86_64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ImageMagick-help-7.1.2.15-1.oe2403.noarch.rpm", "name":"ImageMagick-help-7.1.2.15-1.oe2403.noarch.rpm" }, "name":"ImageMagick-help-7.1.2.15-1.oe2403.noarch.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ImageMagick-7.1.2.15-1.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "name":"ImageMagick-7.1.2.15-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ImageMagick-c++-7.1.2.15-1.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "name":"ImageMagick-c++-7.1.2.15-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "name":"ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "name":"ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "name":"ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ImageMagick-devel-7.1.2.15-1.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "name":"ImageMagick-devel-7.1.2.15-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ImageMagick-perl-7.1.2.15-1.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "name":"ImageMagick-perl-7.1.2.15-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ImageMagick-7.1.2.15-1.oe2403.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "name":"ImageMagick-7.1.2.15-1.oe2403.src as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ImageMagick-7.1.2.15-1.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "name":"ImageMagick-7.1.2.15-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ImageMagick-c++-7.1.2.15-1.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "name":"ImageMagick-c++-7.1.2.15-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "name":"ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "name":"ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "name":"ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ImageMagick-devel-7.1.2.15-1.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "name":"ImageMagick-devel-7.1.2.15-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ImageMagick-perl-7.1.2.15-1.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "name":"ImageMagick-perl-7.1.2.15-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ImageMagick-help-7.1.2.15-1.oe2403.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch", "name":"ImageMagick-help-7.1.2.15-1.oe2403.noarch as a component of openEuler-24.03-LTS" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2026-24481", "notes":[ { "text":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap information disclosure vulnerability exists in ImageMagick's PSD (Adobe Photoshop) format handler. When processing a maliciously crafted PSD file containing ZIP-compressed layer data that decompresses to less than the expected size, uninitialized heap memory is leaked into the output image. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1455" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-24481" }, { "cve":"CVE-2026-24484", "notes":[ { "text":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1455" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-24484" }, { "cve":"CVE-2026-24485", "notes":[ { "text":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the Sync marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1455" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-24485" }, { "cve":"CVE-2026-25576", "notes":[ { "text":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in multiple raw image format handles. The vulnerability occurs when processing images with -extract dimensions larger than -size dimensions, causing out-of-bounds memory reads from a heap-allocated buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1455" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.1, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-25576" }, { "cve":"CVE-2026-25637", "notes":[ { "text":"ImageMagick is a widely used open-source software suite for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak exists in the ASHLAR image writer. An attacker can exploit this vulnerability by providing a specially crafted image file, which causes small memory objects to be allocated but never freed. Continuous processing of such malicious images will gradually exhaust the process memory, ultimately leading to a Denial of Service (DoS) condition. This vulnerability is classified under CWE-401 (Improper Release of Memory Before Removing Last Reference).", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1455" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-25637" }, { "cve":"CVE-2026-25638", "notes":[ { "text":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a memory leak vulnerability exists in `coders/msl.c`. The vulnerability stems from the `WriteMSLImage` function returning early without releasing allocated resources. A remote attacker could exploit this vulnerability by providing a specially crafted image file, leading to memory exhaustion and ultimately resulting in a Denial of Service (DoS) condition, rendering the system or application unavailable. This vulnerability is classified as CWE-401 (Memory Leak).", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1455" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-25638" }, { "cve":"CVE-2026-25794", "notes":[ { "text":"ImageMagick is free and open-source software used for editing and manipulating digital images. The `WriteUHDRImage` function in `coders/uhdr.c` uses `int` arithmetic to compute the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are large, the multiplication overflows the 32-bit `int`, causing an undersized heap allocation followed by an out-of-bounds write. This can crash the process or potentially lead to an out-of-bounds heap write, which could be exploited to cause a denial of service or, in some cases, arbitrary code execution.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1455" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.2, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-25794" }, { "cve":"CVE-2026-25795", "notes":[ { "text":"ImageMagick is a widely used free and open-source software for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference vulnerability exists in the `ReadSFWImage()` function located in `coders/sfw.c`. When temporary file creation fails, the `read_info` structure is destroyed before its `filename` member is accessed, causing the program to dereference a NULL pointer and crash. An attacker could exploit this issue to cause a Denial of Service (DoS).", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1455" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-25795" }, { "cve":"CVE-2026-25796", "notes":[ { "text":"ImageMagick is a free and open-source software for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a memory leak vulnerability exists in the `ReadSTEGANOImage()` function within `coders/stegano.c`. On three error/early-return paths, the function fails to properly free the `watermark` Image object, resulting in a definite memory leak (approximately 13.5KB+ per invocation). An attacker can exploit this flaw by repeatedly triggering the leak, consuming excessive system memory and leading to a Denial of Service (DoS).", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1455" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-25796" }, { "cve":"CVE-2026-25797", "notes":[ { "text":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, fails to sanitize the input before writing it into the PostScript header. An attacker can provide a malicious file and inject arbitrary PostScript code. When the resulting file is processed by a printer or a viewer (like Ghostscript), the injected code is interpreted and executed, potentially leading to arbitrary code execution. Additionally, the html encoder does not properly escape strings that are written to in the html document. An attacker can provide a malicious file and inject arbitrary html code.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1455" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.7, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-25797" }, { "cve":"CVE-2026-25798", "notes":[ { "text":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted image file, resulting in denial of service.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1455" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-25798" }, { "cve":"CVE-2026-25799", "notes":[ { "text":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image loading, resulting in a reliable denial-of-service. An attacker can exploit this vulnerability by tricking a user into processing a specially crafted image file, causing the ImageMagick process to crash.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1455" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-25799" }, { "cve":"CVE-2026-25898", "notes":[ { "text":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by `GetPixelIndex()` before using it as an array subscript. In HDRI builds, `Quantum` is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger a global buffer overflow read during conversion, leading to information disclosure or a process crash.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1455" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-25898" }, { "cve":"CVE-2026-25965", "notes":[ { "text":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick's path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as `/etc/*` can be bypassed by a path traversal (e.g., using `../`). The OS resolves the traversal and opens the sensitive file, but the policy matcher only sees the unnormalized path and therefore allows the read. This enables local file disclosure (LFI) even when `policy-secure.xml` is applied.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1455" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.6, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-25965" }, { "cve":"CVE-2026-25966", "notes":[ { "text":"ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped \"secure\" security policy includes a rule intended to prevent reading/writing from standard streams (stdin/stdout). However, ImageMagick also supports `fd:` pseudo-filenames (e.g., `fd:0`, `fd:1`). Prior to versions 7.1.2-15 and 6.9.13-40, this path form is not blocked by the secure policy templates, and therefore bypasses the protection goal of \"no stdin/stdout.\" An attacker can exploit this flaw by using `fd:` pseudo-filenames to circumvent the intended security restrictions, potentially leading to unauthorized access to standard input/output and subsequent information disclosure or data manipulation.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1455" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.9, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-25966" }, { "cve":"CVE-2026-25967", "notes":[ { "text":"ImageMagick is a free and open-source software suite for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow vulnerability exists in the FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to an application crash and resulting in a Denial of Service (DoS). The CWE identifier for this vulnerability is CWE-121 (Stack-based Buffer Overflow).", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1455" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.4, "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-25967" }, { "cve":"CVE-2026-25968", "notes":[ { "text":"ImageMagick is free and open-source software for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a stack buffer overflow vulnerability exists when processing an attribute in msl.c. A long attribute value overflows a fixed-size stack buffer, leading to memory corruption. A remote attacker could exploit this by providing a specially crafted image file with a long attribute value, potentially resulting in denial of service or arbitrary code execution.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1455" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.4, "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-25968" }, { "cve":"CVE-2026-25969", "notes":[ { "text":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak exists in `coders/ashlar.c`. The `WriteASHLARImage` function allocates a structure. However, when an exception is thrown, the allocated memory is not properly released, resulting in a potential memory leak. A remote attacker could exploit this by providing a specially crafted image, leading to resource exhaustion and a denial of service (DoS), making the system or application unavailable to legitimate users.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1455" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-25969" }, { "cve":"CVE-2026-25970", "notes":[ { "text":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when processing a maliciously crafted SIXEL image file. The vulnerability occurs during buffer reallocation operations where pointer arithmetic using signed 32-bit integers overflows. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1455" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-25970" }, { "cve":"CVE-2026-25971", "notes":[ { "text":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs, leading to a stack overflow. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1455" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.2, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-25971" }, { "cve":"CVE-2026-25982", "notes":[ { "text":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap out-of-bounds read vulnerability exists in the `coders/dcm.c` module. When processing DICOM files with a specific configuration, the decoder loop incorrectly reads bytes per iteration. This causes the function to read past the end of the allocated buffer, potentially leading to a Denial of Service (crash) or Information Disclosure (leaking heap memory into the image). Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1455" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-25982" }, { "cve":"CVE-2026-25983", "notes":[ { "text":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it, leading to a UAF in ReadBlobString during further parsing. Versions 7.1.2-15 and 6.9.13-40 contain a patch.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1455" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-25983" }, { "cve":"CVE-2026-25985", "notes":[ { "text":"A security vulnerability exists in ImageMagick's internal SVG decoder where memory allocation lacks proper limits. Attackers can exploit this vulnerability through specially crafted SVG files to cause memory exhaustion or denial of service.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1455" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-25985" }, { "cve":"CVE-2026-25986", "notes":[ { "text":"ImageMagick is a free and open-source software suite for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer overflow write vulnerability exists in the ReadYUVImage() function (located in coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. The pixel-pair loop writes one pixel beyond the allocated row buffer, resulting in an out-of-bounds write. This vulnerability can be exploited by a remote attacker by providing a specially crafted image file, potentially leading to a denial of service (DoS) and impacting the confidentiality, integrity, and availability of the system.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1455" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-25986" }, { "cve":"CVE-2026-25987", "notes":[ { "text":"ImageMagick is a widely used open-source image processing software. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in its MAP image decoder when processing crafted MAP files. A remote attacker could exploit this by providing a specially crafted MAP file, potentially leading to application crashes (denial of service) or unintended disclosure of sensitive information from process memory during image decoding.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1455" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-25987" }, { "cve":"CVE-2026-25988", "notes":[ { "text":"ImageMagick is a widely used open-source image processing software. A flaw exists in the MSL (Magick Scripting Language) parsing component (msl.c) in versions prior to 7.1.2-15 and 6.9.13-40. When processing certain images, this component fails to correctly update the internal stack index, causing image data to be stored in an incorrect stack slot. When an error occurs during processing, the memory allocated to this incorrect slot is not properly freed, resulting in a memory leak. An attacker could exploit this vulnerability by providing a specially crafted image file, leading to continuous memory consumption and potentially causing a Denial of Service (DoS) condition.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1455" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-25988" }, { "cve":"CVE-2026-25989", "notes":[ { "text":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an integer overflow or wraparound and incorrect conversion between numeric types vulnerability exists in its internal SVG decoder. Specifically, an off-by-one boundary check (using `>` instead of `>=`) allows bypassing the guard and reaching an undefined `(size_t)` cast. A remote attacker could exploit this vulnerability by providing a specially crafted SVG file, leading to a denial of service (DoS) condition, making the software unavailable to legitimate users.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1455" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-25989" }, { "cve":"CVE-2026-26066", "notes":[ { "text":"ImageMagick contains an infinite loop vulnerability when writing IPTCTEXT data from crafted profiles, which can be exploited by attackers to cause denial of service.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1455" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.2, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-26066" }, { "cve":"CVE-2026-26283", "notes":[ { "text":"A possible infinite loop vulnerability exists in the JPEG encoder of ImageMagick when using the `jpeg:extent` parameter, which could lead to denial of service.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1455" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.2, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-26283" }, { "cve":"CVE-2026-26284", "notes":[ { "text":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huffman-coded data from PCD (Photo CD) files. The decoder contains a function that has an incorrect initialization that could cause an out-of-bounds read. This vulnerability could allow a remote attacker to cause information disclosure or a denial of service.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1455" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-26284" }, { "cve":"CVE-2026-26983", "notes":[ { "text":"ImageMagick contains a use-after-free vulnerability when processing invalid MSL tags. An attacker can cause program crashes or potentially execute arbitrary code by crafting malicious image files.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ], "details":"ImageMagick security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1455" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.aarch64", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.src", "openEuler-24.03-LTS:ImageMagick-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-c++-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debuginfo-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-debugsource-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-devel-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-perl-7.1.2.15-1.oe2403.x86_64", "openEuler-24.03-LTS:ImageMagick-help-7.1.2.15-1.oe2403.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-26983" } ] }