[CLSA-2026:1777323301] Fix CVE(s): CVE-2026-33900, CVE-2026-33905
Type:
security
Severity:
Important
Release date:
2026-04-27 20:55:05 UTC
Description:
* SECURITY UPDATE: out-of-bounds heap write in VIFF encoder due to integer truncation on 32-bit builds - debian/patches/CVE-2026-33900.patch: add overflow check in WriteVIFFImage to reject packets values that truncate when cast to size_t, preventing a heap write beyond the allocated buffer - CVE-2026-33900 * SECURITY UPDATE: out-of-bounds read in -sample operation via user supplied sample:offset artifact - debian/patches/CVE-2026-33905.patch: rewrite SampleImage to compute per-pixel x/y offsets inside the inner loop and fetch one virtual pixel at a time, so out-of-range offsets no longer index past the bounds of the source scan line; restores the PseudoClass/CMYK index-queue guard accidentally dropped in the original fix - CVE-2026-33905
Updated packages:
  • imagemagick_6.8.9.9-7ubuntu5.17+tuxcare.els43_amd64.deb
    sha:590d8cf56a9e224c58747eaca79956eab505b95e
  • imagemagick-6.q16_6.8.9.9-7ubuntu5.17+tuxcare.els43_amd64.deb
    sha:d70b038422a89aa282e80e154d509432d2a84466
  • imagemagick-common_6.8.9.9-7ubuntu5.17+tuxcare.els43_all.deb
    sha:5da3e62d5dd35d934dcff7180cfbc9711b86b440
  • imagemagick-doc_6.8.9.9-7ubuntu5.17+tuxcare.els43_all.deb
    sha:0655e3ee41aaf4002de3e7dfebf397335daf450e
  • libimage-magick-perl_6.8.9.9-7ubuntu5.17+tuxcare.els43_all.deb
    sha:8211ed9257410c3b30fa0d905ae0f4be6c4b8a07
  • libimage-magick-q16-perl_6.8.9.9-7ubuntu5.17+tuxcare.els43_amd64.deb
    sha:11a9ec12f82fa093149f78d5854bc4764946a81c
  • libmagick++-6-headers_6.8.9.9-7ubuntu5.17+tuxcare.els43_all.deb
    sha:f34121798beedbe42716f984999c40aa26eed71e
  • libmagick++-6.q16-5v5_6.8.9.9-7ubuntu5.17+tuxcare.els43_amd64.deb
    sha:3a0dbfc751f014ca2c31bd46eef7e3e3c6584223
  • libmagick++-6.q16-dev_6.8.9.9-7ubuntu5.17+tuxcare.els43_amd64.deb
    sha:ded53bfb50cc1d7326daf74d77d8b16e62ffcb03
  • libmagick++-dev_6.8.9.9-7ubuntu5.17+tuxcare.els43_all.deb
    sha:92307fe391274c9a08e67e88732e92add167fe90
  • libmagickcore-6-arch-config_6.8.9.9-7ubuntu5.17+tuxcare.els43_amd64.deb
    sha:97fc96542d48c073370e53dd5b842de80b38fbe2
  • libmagickcore-6-headers_6.8.9.9-7ubuntu5.17+tuxcare.els43_all.deb
    sha:cc93fa460aab067b82a32db756d8a8de531f3241
  • libmagickcore-6.q16-2_6.8.9.9-7ubuntu5.17+tuxcare.els43_amd64.deb
    sha:777f01bd52daeaad9a7cb758e13091a3f06da48c
  • libmagickcore-6.q16-2-extra_6.8.9.9-7ubuntu5.17+tuxcare.els43_amd64.deb
    sha:8f44bdffd82c008f75fbd3b775bb0c4cd218d728
  • libmagickcore-6.q16-dev_6.8.9.9-7ubuntu5.17+tuxcare.els43_amd64.deb
    sha:e8d685928a94d1173f7ff018bd9852671541394e
  • libmagickcore-dev_6.8.9.9-7ubuntu5.17+tuxcare.els43_all.deb
    sha:af5caa91509ebe4f5053126c2d9a8300b9b54076
  • libmagickwand-6-headers_6.8.9.9-7ubuntu5.17+tuxcare.els43_all.deb
    sha:9205d1533fda9056f248335a3f5156fc5b042b1c
  • libmagickwand-6.q16-2_6.8.9.9-7ubuntu5.17+tuxcare.els43_amd64.deb
    sha:b9987a104f09657d85536f69451be95f55f1147a
  • libmagickwand-6.q16-dev_6.8.9.9-7ubuntu5.17+tuxcare.els43_amd64.deb
    sha:054425dcc8d6ed73c3f90698f1dc73caec7a99eb
  • libmagickwand-dev_6.8.9.9-7ubuntu5.17+tuxcare.els43_all.deb
    sha:51e677b78ce0b1ca8c01c970363ab01b1fd14268
  • perlmagick_6.8.9.9-7ubuntu5.17+tuxcare.els43_all.deb
    sha:b1e4c4bb0755134731474f36a38ee468b373af90
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.