[CLSA-2026:1777395318] ImageMagick: Fix of 2 CVEs
Type:
security
Severity:
Important
Release date:
2026-04-28 16:55:23 UTC
Description:
- CVE-2026-33900: integer truncation/wraparound in the viff encoder that could trigger an out-of-bounds heap write on 32-bit builds (GHSA-v67w-737x-v2c9; upstream b6c01a5a23f1e350ebe2db78c7cc326db2e320c9) - CVE-2026-33905: out-of-bounds read in SampleImage when sample:offset is set via -sample define (GHSA-pcvx-ph33-r5vv; upstream 140fc7b01fa7d870b3bc8453fb7adccfb7c1e202 with follow-up 8d73954bf7e13a352e71a32cf7d18905577f17e8)
Updated packages:
  • ImageMagick-6.9.13.25-1.el8_5.tuxcare.els28.x86_64.rpm
    sha:157e3b3978f19c917be63921384eac06f9ebcb0f06a368eada0030c50163b2ae
  • ImageMagick-c++-6.9.13.25-1.el8_5.tuxcare.els28.x86_64.rpm
    sha:31c85ea48758ff4aefb16585470e5b1841fe981019571701c3aabc03c8f06c82
  • ImageMagick-c++-devel-6.9.13.25-1.el8_5.tuxcare.els28.x86_64.rpm
    sha:345befc270d69c877586b5749af010ab31b99925cce48a08d976ddb05e514696
  • ImageMagick-devel-6.9.13.25-1.el8_5.tuxcare.els28.x86_64.rpm
    sha:a6f9fcd3953cb3c017f55c48af962d7dc6086e89a18ce45f2d1a407c9d75e76d
  • ImageMagick-djvu-6.9.13.25-1.el8_5.tuxcare.els28.x86_64.rpm
    sha:79c3b846af596fb4e96beb29b4ca9c36e7559727bf1a6ac6f9a57e9d7caf08f5
  • ImageMagick-doc-6.9.13.25-1.el8_5.tuxcare.els28.x86_64.rpm
    sha:be26a18565b30891b84a4119dd60e42c89a6aa4bda34a8a107581497c309134a
  • ImageMagick-libs-6.9.13.25-1.el8_5.tuxcare.els28.x86_64.rpm
    sha:71af06bf8e3d4ff764cc6582833618529000cd684cac703af88eec591c75a8b6
  • ImageMagick-perl-6.9.13.25-1.el8_5.tuxcare.els28.x86_64.rpm
    sha:3628c1641af2b22d469957b1e0df2ee6c5c5426615ccb83a3d9a73e1369ccf5a
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.