[CLSA-2026:1777542477] Fix CVE(s): CVE-2026-28690
Type:
security
Severity:
Important
Release date:
2026-04-30 09:48:01 UTC
Description:
* SECURITY UPDATE: stack buffer overflow in MNG/JNG encoder — missing NULL check after ImageToBlob() in WriteOneJNGImage could propagate a NULL blob pointer into later stack buffer operations (GHSA-7h7q-j33q-hvpf). - debian/patches/CVE-2026-28690.patch: bail out of WriteOneJNGImage when ImageToBlob() returns NULL, destroying jpeg_image and jpeg_image_info before returning MagickFalse (upstream e6e874875e48dd9838acca3bd22c14a4d2f1b3ca) - CVE-2026-28690
Updated packages:
  • imagemagick_6.8.9.9-7ubuntu5.17+tuxcare.els45_amd64.deb
    sha:ff751c3a69b80e63e310504e55c8430e86c98dc6
  • imagemagick-6.q16_6.8.9.9-7ubuntu5.17+tuxcare.els45_amd64.deb
    sha:7c4e240f62e641f54db60f77bc065afb36fda120
  • imagemagick-common_6.8.9.9-7ubuntu5.17+tuxcare.els45_all.deb
    sha:4ae8961fcdb01d3b433853a2a0ce41d94c962b2b
  • imagemagick-doc_6.8.9.9-7ubuntu5.17+tuxcare.els45_all.deb
    sha:ff0f68d70b03b005c852ad2ccffcc37b2b7f3d12
  • libimage-magick-perl_6.8.9.9-7ubuntu5.17+tuxcare.els45_all.deb
    sha:8f7c7366ecc1a2156b07f43e1f81be1f28801622
  • libimage-magick-q16-perl_6.8.9.9-7ubuntu5.17+tuxcare.els45_amd64.deb
    sha:f4963514f504fdd45dcad2c36cf5b1fced3fec90
  • libmagick++-6-headers_6.8.9.9-7ubuntu5.17+tuxcare.els45_all.deb
    sha:cf701d7081abf344deeeb09569a018601afeb345
  • libmagick++-6.q16-5v5_6.8.9.9-7ubuntu5.17+tuxcare.els45_amd64.deb
    sha:5d6a8999532c0c3c50ab2b71eae0898dd8401e4a
  • libmagick++-6.q16-dev_6.8.9.9-7ubuntu5.17+tuxcare.els45_amd64.deb
    sha:6bb2d72e1ec2a052115321767a604741bc1430ad
  • libmagick++-dev_6.8.9.9-7ubuntu5.17+tuxcare.els45_all.deb
    sha:9ec304198c48742d33c7fabadb71dd3835326f43
  • libmagickcore-6-arch-config_6.8.9.9-7ubuntu5.17+tuxcare.els45_amd64.deb
    sha:0423a623ce9a75efd55c18fb6624dd194cf76938
  • libmagickcore-6-headers_6.8.9.9-7ubuntu5.17+tuxcare.els45_all.deb
    sha:b277079c36de5cc9791ea32855885a43c95300f3
  • libmagickcore-6.q16-2_6.8.9.9-7ubuntu5.17+tuxcare.els45_amd64.deb
    sha:9cf5389fe3713964ac1b44073b17770dca685a96
  • libmagickcore-6.q16-2-extra_6.8.9.9-7ubuntu5.17+tuxcare.els45_amd64.deb
    sha:b9a51d9347c30ed386ad65ee2d2e2d41af8ba55c
  • libmagickcore-6.q16-dev_6.8.9.9-7ubuntu5.17+tuxcare.els45_amd64.deb
    sha:80b8d245549ecbb52bf07d1eff8e2f4f84d27f31
  • libmagickcore-dev_6.8.9.9-7ubuntu5.17+tuxcare.els45_all.deb
    sha:647b742c1ee6e4c0c35319b5702bbf50f7b5fd0b
  • libmagickwand-6-headers_6.8.9.9-7ubuntu5.17+tuxcare.els45_all.deb
    sha:09d35789d59813d787ab76a148ee69094d7a7c76
  • libmagickwand-6.q16-2_6.8.9.9-7ubuntu5.17+tuxcare.els45_amd64.deb
    sha:442b93df1ea5f721bb81a8cb2b50ea804d424e91
  • libmagickwand-6.q16-dev_6.8.9.9-7ubuntu5.17+tuxcare.els45_amd64.deb
    sha:7e9fc379a299a4ee79db0ddfdfb92628fde1804c
  • libmagickwand-dev_6.8.9.9-7ubuntu5.17+tuxcare.els45_all.deb
    sha:28c24b2f52a757f8250022917fb5f3fc2d1dd503
  • perlmagick_6.8.9.9-7ubuntu5.17+tuxcare.els45_all.deb
    sha:ee37074385cf13afbc6886a27265ee2f7c0d1594
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.